CA2219857C - Enhanced encryption control system for a mail processing system having data center verification - Google Patents
Enhanced encryption control system for a mail processing system having data center verification Download PDFInfo
- Publication number
- CA2219857C CA2219857C CA002219857A CA2219857A CA2219857C CA 2219857 C CA2219857 C CA 2219857C CA 002219857 A CA002219857 A CA 002219857A CA 2219857 A CA2219857 A CA 2219857A CA 2219857 C CA2219857 C CA 2219857C
- Authority
- CA
- Canada
- Prior art keywords
- key
- meter
- keys
- postage meter
- pred
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00185—Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
- G07B17/00435—Details specific to central, non-customer apparatus, e.g. servers at post office or vendor
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00016—Relations between apparatus, e.g. franking machine at customer or apparatus at post office, in a franking system
- G07B17/0008—Communication details outside or between apparatus
- G07B2017/00153—Communication details outside or between apparatus for sending information
- G07B2017/00161—Communication details outside or between apparatus for sending information from a central, non-user location, e.g. for updating rates or software, or for refilling funds
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00016—Relations between apparatus, e.g. franking machine at customer or apparatus at post office, in a franking system
- G07B17/0008—Communication details outside or between apparatus
- G07B2017/00153—Communication details outside or between apparatus for sending information
- G07B2017/00169—Communication details outside or between apparatus for sending information from a franking apparatus, e.g. for verifying accounting
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/0079—Time-dependency
- G07B2017/00798—Time-dependency using timestamps, i.e. recording time in message
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00846—Key management
- G07B2017/00854—Key generation
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00846—Key management
- G07B2017/0087—Key distribution
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00846—Key management
- G07B2017/0087—Key distribution
- G07B2017/00887—Key distribution using look-up tables, also called master tables with pointers
Abstract
A key control system comprises the generation of a first set of predetermined keys K pred which are then used as master keys for a plurality of respective postage meters. The keys are then related to a respective meter in accordance with a map or algorithm. The predetermined master key K pred is encrypted with the date to yield a date dependent key K dd related to the respective meter. The date dependent key is encrypted with a unique identifier or the respective meter to yield a unique key K final that is by the respective meter to generate digital tokens. The Data Center encrypts the date with each predetermined key K pred to yield a table of dependent keys K dd's. The table of K dd's are distributed to verification sites. The verification site reads a meter's identification from a mailpiece being verified to obtain the dependent key K dd of the meter. The verification site encrypts the dependent key K dd with the unique identifier to obtain the unique meter key which is used to verify tokens generated by the meter. In the preferred embodiment, the master key K pred, the date dependent key K dd, and the unique key K final, in the meter are stored in the meter. In an alternate embodiment, the master key K pred is encrypted with a unique meter identifier to obtain the unique key K final which is stored in the meter. The meter then generates its date dependent key K dd, which is used to generate digital tokens.
Description
ENHANCED ENCRYPTION CONTROL SYSTEM FOR A MAIL
PROCESSING SYSTEM HAVING DATA CENTER VERIFICATION
Field of the Invention The invention relates to mail processing systems and more particularly s to security of postage metering systems.
Back4round of the Invention Recent advances in digital printing technology have made it possible to implement digital, i.e., bit map addressable, printing for the purpose of evidencing payment of postage by a postage-meter-like device. Where io necessary in order to distinguish such postage-meter-like devices from the typical postage meter, such devices will be called herein Postage Evidencing Devices or PED's. In such devices, the printer may be a typical stand-alone printer. The computer driven printer of such a PED can print the postal indicia in a desired location on the face of a mail piece. Further, as used is herein the postal indicia will be defined as the Postal Revenue Block or PRB.
The PRB typically contains data such as the postage value, a unique PED
identification number, the date and in some applications the name of the place where the mail is originating. It must be noted, however, that the term postage meter as used herein will be understood to cover the various types of 20 postage accounting systems including such PED's and is not to be limited by the type of printer used.
From the Post Office's point of view, it will be appreciated that a serious problem associated with PED's is that the digital printing makes it fairly easy to counterteit the PRB since any suitable computer and printer 2s may be used to generate multiple images. In fact, many of these new PED
systems may be using printers that are able to print legitimate indicia which are indistinguishable from those printed by others that are printed without any attempt to purchase postage.
PROCESSING SYSTEM HAVING DATA CENTER VERIFICATION
Field of the Invention The invention relates to mail processing systems and more particularly s to security of postage metering systems.
Back4round of the Invention Recent advances in digital printing technology have made it possible to implement digital, i.e., bit map addressable, printing for the purpose of evidencing payment of postage by a postage-meter-like device. Where io necessary in order to distinguish such postage-meter-like devices from the typical postage meter, such devices will be called herein Postage Evidencing Devices or PED's. In such devices, the printer may be a typical stand-alone printer. The computer driven printer of such a PED can print the postal indicia in a desired location on the face of a mail piece. Further, as used is herein the postal indicia will be defined as the Postal Revenue Block or PRB.
The PRB typically contains data such as the postage value, a unique PED
identification number, the date and in some applications the name of the place where the mail is originating. It must be noted, however, that the term postage meter as used herein will be understood to cover the various types of 20 postage accounting systems including such PED's and is not to be limited by the type of printer used.
From the Post Office's point of view, it will be appreciated that a serious problem associated with PED's is that the digital printing makes it fairly easy to counterteit the PRB since any suitable computer and printer 2s may be used to generate multiple images. In fact, many of these new PED
systems may be using printers that are able to print legitimate indicia which are indistinguishable from those printed by others that are printed without any attempt to purchase postage.
In order to validate a mailpiece, that is to assure that accounting for the postage amount printed on a mailpiece has been properly done, it is known that one may include as a part of the franking an encrypted number such that, for instance, the value of the franking may be determined from the s encryption to learn whether the value as printed on the mailpiece is correct.
See, for example, U.S. Patent Nos. 4,757,537 and 4,775,246 to Edelmann et al. as well as U.S. Patent No. 4,649,266 to Eckert. It is also known to authenticate a mailpiece by including the address as a further part of the encryption as described in U.S. Patent No. 4,725,718 to Sansone et al and io U.S. Patent No. 4,743,747 to Fougere et al.
U.S. Patent No. 5,170,044 to Pastor describes a system wherein include a binary array and the actual arrays of pixels are scanned in order to identify the provider of the mailpiece and to recover other encrypted plaintext information. U.S. Patent No. 5,142,577 to Pastor describes various is alternatives to the DES encoding for encrypting a message and for comparing the decrypted postal information to the plaintext information on the mailpiece.
U.K. 2,251,210A to Gilham describes a meter that contains an electronic calendar to inhibit operation of the franking machine on a periodic basis to ensure that the user conveys accounting information to the postal 2o authorities. U.S. Patent No. 5,008,827 to Sansone et al. describes a system for updating rates and regulation parameters at each meter via a communication network between the meter and a data center. While the meter is on-line status registers in the meter are checked and an alarm condition raised if an anomaly is detected.
25 U.S. Patent No. 5,390,251 to Pastor et al. describes a mail processing system for controlling the validity of printing of indicia on mailpieces from a potentially large number of users of postage meters includes apparatus disposed in each postage meter for generating a code and for printing the code on each mailpiece. The code is an encrypted representation of the 3o postage meter apparatus printing the indicia and other information uniquely determinative of the legitimacy of postage on the mailpieces. The keys for the code generating apparatus are changed at predetermined time intervals in each of the meters. A security center includes apparatus for maintaining a security code database and for keapirtg tack of the keys for generating security codes in correspondence with the changes in each generating .
apparatus and the information printed on the mailpiece by the postage meter apparatus for comparison with the code printed on the mailpiece. There may s be two codes printed, one used by the Postal Service for its security checks and one by the manufacturer. The encryption key may be changed at predetermined intervals or on a daily basis or for printing each mailpiece.
It will be appreciated that in order to verify the information in the PRB
using the encrypted message, the verifier must first be able .to obtain the key io used by the particular meter. In trying to deal with mailing systems which may incorporate such encryption systems, it must be recognized that the meter population is large and subject to constant fluctuation as meters are added and removed from service. If the same key were to be used for ail meters, the key distribution is simple but the system is not secure. Once the is code is broken by anyone, the key may be made available to others using the system and the entire operation is compromised. However, if separate keys are used respectively for each meter then key management potentially becomes extremely difficult considering the fluctuations in such a large population.
2o Canadian Patent Application Serial No. 2,133,679, filed October 5, 1994, and assigned to the assignee of the instant application, describes a key management system for mail processing that assigns one of a set of predetermined keys by a determined relationship to a particular meter, effectively allowing multiple meters to share a single key. The key 2s management system includes the generation of a first set of keys which are then used for a plurality of respective postage meters. A first key of the first set of keys is then related to a specific meter in accordance with a map or algorithm. The first key may be changed by entering a second key via an encryption using the first key.
Summary of the Invention It has been found that although the system described in Canadian Patent Application Serial No. 2,133,679 previously noted and hereafter referred to a the "1000 key system", provides a manageable key management s system, the system has multiple meters sharing the same key.
It is therefore an object of the invention to provide a key management system which provides the improved security 1000 key system and yet which will allow ease of key management in a very large system.
It is another object to provide a method for easily changing the keys for to each meter in a manner that provides improved security and system wide tracking of the key changes.
In accordance with the present invention, a key control system comprises the generation of a first set of predetermined keys Kp,ed which are then used as master keys for a plurality of respective postage meters. The is keys are then related to a respective meter in accordance with a map or algorithm. The predetermined master key KP~ed is encrypted with the date to yield a date dependent key Kdd related to the respective meter. The date dependent key is encrypted with a unique identifier of the respective meter to yield a unique key Kf~a~ that is used by the respective meter to generate 2o digital tokens. The Data Center encrypts the date with each predetermined key Kp~~ to yield a table of dependent keys Kdd's. The table of I~,d's are distributed to verification sites. The verification site reads a meter's identification from a mailpiece being verified to look up the dependent key Kdd of the meter from the distributed table. The verification site encrypts the 2s dependent key ICdd with the unique identifier to obtain the unique meter key which is used to verify tokens generated by the meter.
In a preferred embodiment, the method in accordance with the invention further comprises the steps of storing the master key Kpred, the date dependent key Kdd, and the unique key Kr,~a~ , in the meter.
3o In an alternate embodiment, the master key ICpred is encrypted with a unique meter identifier to obtain the unique key Kr,~a~ which is stored in the meter. The meter then generates its date dependent key Kaa, which is used to generate digital tokens.
In accordance with another aspect of the present invention, there is provide a method for key management for controlling the keys used in 5 encoding information to be printed on a mailpiece for validating the mailpiece, the method comprising the steps of:
generating a plurality of keys K to obtain a fixed key Set Kp~ed(1-n)~
assigning one of said plurality of keys Kpred to a particular postage meter M by means of a determined relationship associated with the postage meter, said relationship being derived as a predetermined function F(M) corresponding to the particular postage meter;
encrypting said assigned key Kprea with a date to obtain an assigned date dependent key Kaa; and combining the assigned date dependent key Kaa with information unique to the particular postage meter M~~i to produce a final key Kfnai for the particular postage meter M, such that Kfi"a~ = f(Kaa, Mu~~).
In accordance with another aspect of the present invention, there is provide a method for key management for controlling the keys used in encoding information to be printed on a mailpiece for validating the mailpiece, the method comprising the steps of:
generating a plurality of keys K to obtain a fixed key set Kprea(~-n);
assigning one of said plurality of keys Kp~ed to a particular postage meter M by means of a determined relationship associated with the postage meter, said relationship being derived as a predetermined function F(M) corresponding to the particular postage meter;
combining the assigned key Kprea with information unique to the particular postage meter M""; to produce a final key Kf"a~ for the particular postage meter M, such that Kf~a~ = f(Kprea, Muni); and storing said final key Kfnai in the particular postage meter M.
In accordance with another aspect of the present invention, there is provide a method for key management for controlling the keys used in encoding information to be printed on a mailpiece for validating the mailpiece Sa the method comprising the steps of:
generating a plurality of keys K to obtain a fixed key Set Kpred(1-n);
assigning one of said plurality of keys Kp~ed to a particular postage meter M by means of a determined relationship associated with the postage meter, said relationship being derived as a predetermined function F(M) corresponding to the particular postage meter;
installing the assigned key Kprea in the particular postage meter M;
encrypting said assigned key Kprea with a date to obtain an assigned date dependent key Kaa; and combining the assigned date dependent key Kaa with information unique to the particular postage meter Mun; to produce a final key Kfna~ for the particular postage meter M, such that Kfna~ = f(Kaa, Mun~).
In accordance with another aspect of the present invention, there is provided a method for key management for controlling keys used in the 1 S verification of encoded information printed on a mailpiece, the method comprising the steps of:
generating a plurality of keys K to obtain a fixed key Set Kp~ed(1-n);
encrypting a date with each Kp~ea in said fixed key Set Kpred(~-n) to yield a table of date dependent keys Kad(1-n);
distributing said table of date dependent keys Kaa(1-n) to verification sites;
reading plaintext information printed on a mailpiece, said plaintext information including a meter ID identifying a particular postage meter M;
finding a date dependent key Kaa corresponding to the particular postage meter M by means of a determined relationship associated with the postage meter, said relationship being derived as a predetermined function of said meter ID;
encrypting said meter ID with said date dependent key Kaa to obtain a final key Kf~a~;
encrypting at least some part of the plaintext information using said final key Kf"ai to obtain a code;
comparing said code with encoded information printed on the Sb mailpiece; and validating the mailpiece when said code matches said encoded information.
Description of the Drawings The above and other objects and advantages of the present invention will be apparent upon consideration of the following detailed description, taken in conjunction with accompanying drawings, in which like reference characters refer to like parts throughout, and in which:
Fig. 1 is a schematic view of a system which may be used in accordance with the invention;
Figs. 2a and 2b illustrates the information which may be printed in a first embodiment of a PRB in accordance with the invention;
Figs. 3a and 3b illustrate an alternative to the information shown in Fig.
2a and 2b;
Fig. 4 is a flow chart of the operation for providing keys in accordance is with the invention;
Fig. 5 is a flow chart of meter operation in accordance with the preferred embodiment of the present invention;
Fig. 6 is a flow chart of meter operation in accordance with an alternate embodiment of the present invention;
Fig. 7 is a flow chart of data center operation in accordance with the preferred embodiment of the present invention;
Fig. 8 is a flow chart of the verification process;
Fig. 9 is a block diagram of the preferred embodiment of the present invention; and Fig. 10 is a block diagram of an alternate embodiment of the present invention.
SC
Description of the Preferred Embodiment In Fig. 1, there is shown generally at 10 an overall system in accordance with the invention. In the embodiment illustrated, the system comprises a meter or PED 12 interacting with a plurality of different centers.
s A first center is a well-known meter-fund resetting center 14 of a type described, for example, in U.S. Patent No. 4,097,923 which is suitable for remotely adding funds to the meter to enable it to continue the operation of dispensing value bearing indicia. (n accordance with the invention there is also established a security or forensic center 16 which may of course be physically located at the resetting center 14 but is shown here separately for ease of understanding. Alternatively, such a security or forensic center could be an entirely separate facility maintained by the Postal Authorities, for instance, or two separate facilities may be maintained in order to provide io levels of security, if desired. The dashed lines in Fig. 1 indicate telecommunication between the meter 12 and the resetting center 14 (andlor forensic center 16).
Typically, there may be an associated meter distribution center 18 which is utilized to simplify the logistics of placing meters with respective is users. Similarly, a business processing center 20 is utilized for the purpose of processing orders for meters and for administration of the various tasks relating to the meter population as a whole.
The meter manufacturer indicated at 22 provides customized meters or PED's to the distribution center 18 after establishing operability with shop 2o checks between the manufacturer and the resetting center 14 and forensic center 16. The meter or PED is unlocked at the user's facility by a customer service representative indicated here by the box 24.
At the resetting center 14 a database 26 relating to meters and meter transactions is maintained. The resetting combinations are generated by a 25 secured apparatus labeled here as the Black Box 28. The details of such 8 resetting arrangement are found in U.S. Patent No. 4,097,92;
Database 30 and a secured encryption generating apparatus, so designated here as Orange Box 32, are maintained at the security or forensic center 16. The orange box preferably uses the DE$ standard encryption techniques to provide a coded output based on the keys and other information in the message string provided to it. It will be understood that other encryption arrangements are known and the invention is not limited to the specific embodiment using DES encryption. The security or forensic center 16, wherever maintained, is preferably connected by telecommunication with any Post Office inspection station, one of which is s indicated here at 34.
Further details are to be found in Canadian Patent Application Serial No. 2,133,67~~, Meter 12, as illustrated, includes a secure clock 40 that is used to io provide a calendar function programmed by the manufacturer. The clock and calendar function cannot be modified by the user. Such clocks are well known and may be implemerited in computer routines or in dedicated chips which provide programmable calendar outputs. Also stored within the registers of the meter 12 are a fund resetting key 42, security key 44, is expiration dates 46 and preferably, an inscription enable flag 48.
Preferably, in order to prevent the breaking of the encrypted messages to be printed by the postage meter, the security key 44 is changed at predetermined intervals as discussed below.
. The security key 44 is used in conjunction with a DES encrypter~in the 2o meter 12 to provide an encryption of certain information in the PRB for each rinting of the PRB on a mailpiece. At each pririting operation, the entire encrypted message may be printed on the mailpiece. However, preferably the cipher, hereafter referred to herein as an ECODE (also referred to as a digital token) is a truncated ciphertext produced by DES encryption of the 2s message based on postage information available to the meter. Verification at the security center consists of verifying that the encrypted information is consistent with~the ECODE.
If automatic checking of the ECODE is desired, both the ECODE and the plaintext must be machine readable. A typical length of plaintext 3o information is, for example only and not by way of limitation, the sum of the meter ID (typically 7 digits), a date (preferably 2 digits, suitably the last 2 of the number of days from a predetermined starting date such as January 1 ), the postage amount (4 digits), and the piece count for a typical total of 16 digits. Reading devices for lifting the information either from a bar-code on the mailpiece or as OCR are well-known and will not be further discussed.
A DES block is conventionally 64-bits long, or approximately 20 decimal digits. A cipher block is an encryption of 64 bits of data. It will be s appreciated that other information may be selected and that less than the information provided here may be encrypted in other embodiments of the invention. It is however important to note that the information to be encrypted must be identical to that used in verification. To this end the plaintext message may include data which indicates the particular information which is io encrypted. This may take the form of an additional character, additional bar coding or a marking on the mailpiece as may be found desirable.
If desired, a second ECODE could be printed using a DES key from a set of keys PS-DES known to the Postal Service. Alternatively the Postal Service could elect to manage its own set of keys as described in connection Is with the key management system described below.
In a first embodiment, as shown in Figs. 2a and 2b, the plaintext is encrypted using one of the keys from PS-DES. The Postal Service uses the same key from the set PS-DES to verify the message. A higher level of security is provided by the second ECODE.
2o In a second embodiment, two ECODEs are generated and printed on the mailpiece, one using a PS-DES key provided by the Post Service and the other using a Vendor-DES key provided, for example, by the manufacturer or security center. The Postal Service can then verify the message using its own code generating and key management system while the vendor can 2s separately verify the validity of the message using the ECODE generated using its separate key system. Figs. 3a and 3b show the format of this second embodiment.
Fig. 4 shows an arrangement for managing meter master keys as disclosed in Canadian Patent Application Serial No. 2,133,679, previously 3o noted. First a large, fixed set of predetermined keys KP~ed's is generated, at step 400. As seen below, the system S in accordance with the invention comprises a set of pointers {p}, a set of keys indexed by the pointer {keyp}
and a map F or generating algorithm from the set of meter ID's {M} to the set of pointers. Thus:
S = ( F, {p}, keyp} ) is the system F: {M} -> {p}
s and F(M) = F(meter ID) = p finds the pointer to the key for a given meter M.
Thus, returning to Fig. 4, as an example, the set of pointers {p} which may be the integers from 1 to 1000, are created from meter parameters, at io step 405. The function F may be then chosen as, again for example, the DES
encryption of meter ID using a DES key K, preferably truncated to three digits, at step 410 and a look-up table is generated, at step 415. It will be understood that other functional relationships may be chosen. The look-up table comprises a set of meter ID's and their assigned pointers. For the is greatest security, it will be appreciated that the relationship between a pointer p and the corresponding key should not be easily discoverable nor should the relationship between the pointer and the meter ID. It will also be understood that the function F should be maintained in secret.
Referring now to Figs. 5 and 9, the preferred embodiment of the 2o present invention is shown. At step 420, using the meter ID of a specific meter in the look-up table, the corresponding ICP~~ is stored in the meter. At step 430, a date dependent key Kdd is generated from the predetermined key !(P,~ by encrypting the date with KP~~, to yield the Kdd for the meter. At step 435, a unique meter identifier, such as a meter serial number, is encrypted 2s with the date dependent key Kdd to produce a unique key Kf~a~ for the meter.
The meter generates digital tokens using its unique key l4nal.
Referring now to FIGs. 6 and 10, an alternate embodiment of the meter operation is shown. At step 470, a unique meter identifier, such as a meter serial number, is encrypted with the predetermined master key KP~ed to yield a unique key Kr,~a~ for the meter. The unique meter key Kh~a~ is stored in the meter at step 475. ICfnal is used to generate a date dependent key Kdd in the meter by encrypting the date with Kf~a, to produce date dependent key Kdd.
Referring now to Fig. 7, the data center operation for the preferred s embodiment is shown. At step 450, the date is encrypted with each predetermined master key Kp,ed to yield a table of date dependent keys 14,d 's.
At step 455, the data center distributes the table of Kdd 's to each of the verification sites for use in verifying digital tokens generated by the meters.
Referring now to Fig. 8, a verification process is shown using the key to management system in accordance with the present invention. In order to verify a mailpiece, the meter ID number printed on the mailpiece is read at step 500. At step 510, using the meter ID number a date dependent key Kdd is found in the table of Kdd's distributed by the data center. The key is found using the lookup table or algorithm F from the given meter number. At step is 515, the identical unique meter data that was used by the meter to obtain the meter's unique key Kf~al is encrypted with the date dependent key Kdd. At step 520, the identical plaintext information used to create the ECODE is now encrypted at the security center using Kr,~a,, and the result is compared with the code printed on the mailpiece, at step 530. If there is a match at decision 2o at step 540, the mailpiece is valid. If not the NO branch will trigger an alarm.
Returning for the moment to Fig. 2a and Fig. 3a, the Postal Service is able in these embodiments to obtain the PS-DES pointer directly from the indicia without using the process shown in Fig. 8. In the cases illustrated in Figs. 2b and 3b, the DES pointer is obtained by using a predetermined 2s algorithm applied to the information printed in the PED ID as described in connection with Fig. 8.
While the present invention has been disclosed and described with reference to the embodiments disclosed herein, it will be apparent that variations and modifications may be made therein. It is, thus, intended in the 3o following claims to cover each variation and modification that falls within the true spirit and scope of the present invention.
See, for example, U.S. Patent Nos. 4,757,537 and 4,775,246 to Edelmann et al. as well as U.S. Patent No. 4,649,266 to Eckert. It is also known to authenticate a mailpiece by including the address as a further part of the encryption as described in U.S. Patent No. 4,725,718 to Sansone et al and io U.S. Patent No. 4,743,747 to Fougere et al.
U.S. Patent No. 5,170,044 to Pastor describes a system wherein include a binary array and the actual arrays of pixels are scanned in order to identify the provider of the mailpiece and to recover other encrypted plaintext information. U.S. Patent No. 5,142,577 to Pastor describes various is alternatives to the DES encoding for encrypting a message and for comparing the decrypted postal information to the plaintext information on the mailpiece.
U.K. 2,251,210A to Gilham describes a meter that contains an electronic calendar to inhibit operation of the franking machine on a periodic basis to ensure that the user conveys accounting information to the postal 2o authorities. U.S. Patent No. 5,008,827 to Sansone et al. describes a system for updating rates and regulation parameters at each meter via a communication network between the meter and a data center. While the meter is on-line status registers in the meter are checked and an alarm condition raised if an anomaly is detected.
25 U.S. Patent No. 5,390,251 to Pastor et al. describes a mail processing system for controlling the validity of printing of indicia on mailpieces from a potentially large number of users of postage meters includes apparatus disposed in each postage meter for generating a code and for printing the code on each mailpiece. The code is an encrypted representation of the 3o postage meter apparatus printing the indicia and other information uniquely determinative of the legitimacy of postage on the mailpieces. The keys for the code generating apparatus are changed at predetermined time intervals in each of the meters. A security center includes apparatus for maintaining a security code database and for keapirtg tack of the keys for generating security codes in correspondence with the changes in each generating .
apparatus and the information printed on the mailpiece by the postage meter apparatus for comparison with the code printed on the mailpiece. There may s be two codes printed, one used by the Postal Service for its security checks and one by the manufacturer. The encryption key may be changed at predetermined intervals or on a daily basis or for printing each mailpiece.
It will be appreciated that in order to verify the information in the PRB
using the encrypted message, the verifier must first be able .to obtain the key io used by the particular meter. In trying to deal with mailing systems which may incorporate such encryption systems, it must be recognized that the meter population is large and subject to constant fluctuation as meters are added and removed from service. If the same key were to be used for ail meters, the key distribution is simple but the system is not secure. Once the is code is broken by anyone, the key may be made available to others using the system and the entire operation is compromised. However, if separate keys are used respectively for each meter then key management potentially becomes extremely difficult considering the fluctuations in such a large population.
2o Canadian Patent Application Serial No. 2,133,679, filed October 5, 1994, and assigned to the assignee of the instant application, describes a key management system for mail processing that assigns one of a set of predetermined keys by a determined relationship to a particular meter, effectively allowing multiple meters to share a single key. The key 2s management system includes the generation of a first set of keys which are then used for a plurality of respective postage meters. A first key of the first set of keys is then related to a specific meter in accordance with a map or algorithm. The first key may be changed by entering a second key via an encryption using the first key.
Summary of the Invention It has been found that although the system described in Canadian Patent Application Serial No. 2,133,679 previously noted and hereafter referred to a the "1000 key system", provides a manageable key management s system, the system has multiple meters sharing the same key.
It is therefore an object of the invention to provide a key management system which provides the improved security 1000 key system and yet which will allow ease of key management in a very large system.
It is another object to provide a method for easily changing the keys for to each meter in a manner that provides improved security and system wide tracking of the key changes.
In accordance with the present invention, a key control system comprises the generation of a first set of predetermined keys Kp,ed which are then used as master keys for a plurality of respective postage meters. The is keys are then related to a respective meter in accordance with a map or algorithm. The predetermined master key KP~ed is encrypted with the date to yield a date dependent key Kdd related to the respective meter. The date dependent key is encrypted with a unique identifier of the respective meter to yield a unique key Kf~a~ that is used by the respective meter to generate 2o digital tokens. The Data Center encrypts the date with each predetermined key Kp~~ to yield a table of dependent keys Kdd's. The table of I~,d's are distributed to verification sites. The verification site reads a meter's identification from a mailpiece being verified to look up the dependent key Kdd of the meter from the distributed table. The verification site encrypts the 2s dependent key ICdd with the unique identifier to obtain the unique meter key which is used to verify tokens generated by the meter.
In a preferred embodiment, the method in accordance with the invention further comprises the steps of storing the master key Kpred, the date dependent key Kdd, and the unique key Kr,~a~ , in the meter.
3o In an alternate embodiment, the master key ICpred is encrypted with a unique meter identifier to obtain the unique key Kr,~a~ which is stored in the meter. The meter then generates its date dependent key Kaa, which is used to generate digital tokens.
In accordance with another aspect of the present invention, there is provide a method for key management for controlling the keys used in 5 encoding information to be printed on a mailpiece for validating the mailpiece, the method comprising the steps of:
generating a plurality of keys K to obtain a fixed key Set Kp~ed(1-n)~
assigning one of said plurality of keys Kpred to a particular postage meter M by means of a determined relationship associated with the postage meter, said relationship being derived as a predetermined function F(M) corresponding to the particular postage meter;
encrypting said assigned key Kprea with a date to obtain an assigned date dependent key Kaa; and combining the assigned date dependent key Kaa with information unique to the particular postage meter M~~i to produce a final key Kfnai for the particular postage meter M, such that Kfi"a~ = f(Kaa, Mu~~).
In accordance with another aspect of the present invention, there is provide a method for key management for controlling the keys used in encoding information to be printed on a mailpiece for validating the mailpiece, the method comprising the steps of:
generating a plurality of keys K to obtain a fixed key set Kprea(~-n);
assigning one of said plurality of keys Kp~ed to a particular postage meter M by means of a determined relationship associated with the postage meter, said relationship being derived as a predetermined function F(M) corresponding to the particular postage meter;
combining the assigned key Kprea with information unique to the particular postage meter M""; to produce a final key Kf"a~ for the particular postage meter M, such that Kf~a~ = f(Kprea, Muni); and storing said final key Kfnai in the particular postage meter M.
In accordance with another aspect of the present invention, there is provide a method for key management for controlling the keys used in encoding information to be printed on a mailpiece for validating the mailpiece Sa the method comprising the steps of:
generating a plurality of keys K to obtain a fixed key Set Kpred(1-n);
assigning one of said plurality of keys Kp~ed to a particular postage meter M by means of a determined relationship associated with the postage meter, said relationship being derived as a predetermined function F(M) corresponding to the particular postage meter;
installing the assigned key Kprea in the particular postage meter M;
encrypting said assigned key Kprea with a date to obtain an assigned date dependent key Kaa; and combining the assigned date dependent key Kaa with information unique to the particular postage meter Mun; to produce a final key Kfna~ for the particular postage meter M, such that Kfna~ = f(Kaa, Mun~).
In accordance with another aspect of the present invention, there is provided a method for key management for controlling keys used in the 1 S verification of encoded information printed on a mailpiece, the method comprising the steps of:
generating a plurality of keys K to obtain a fixed key Set Kp~ed(1-n);
encrypting a date with each Kp~ea in said fixed key Set Kpred(~-n) to yield a table of date dependent keys Kad(1-n);
distributing said table of date dependent keys Kaa(1-n) to verification sites;
reading plaintext information printed on a mailpiece, said plaintext information including a meter ID identifying a particular postage meter M;
finding a date dependent key Kaa corresponding to the particular postage meter M by means of a determined relationship associated with the postage meter, said relationship being derived as a predetermined function of said meter ID;
encrypting said meter ID with said date dependent key Kaa to obtain a final key Kf~a~;
encrypting at least some part of the plaintext information using said final key Kf"ai to obtain a code;
comparing said code with encoded information printed on the Sb mailpiece; and validating the mailpiece when said code matches said encoded information.
Description of the Drawings The above and other objects and advantages of the present invention will be apparent upon consideration of the following detailed description, taken in conjunction with accompanying drawings, in which like reference characters refer to like parts throughout, and in which:
Fig. 1 is a schematic view of a system which may be used in accordance with the invention;
Figs. 2a and 2b illustrates the information which may be printed in a first embodiment of a PRB in accordance with the invention;
Figs. 3a and 3b illustrate an alternative to the information shown in Fig.
2a and 2b;
Fig. 4 is a flow chart of the operation for providing keys in accordance is with the invention;
Fig. 5 is a flow chart of meter operation in accordance with the preferred embodiment of the present invention;
Fig. 6 is a flow chart of meter operation in accordance with an alternate embodiment of the present invention;
Fig. 7 is a flow chart of data center operation in accordance with the preferred embodiment of the present invention;
Fig. 8 is a flow chart of the verification process;
Fig. 9 is a block diagram of the preferred embodiment of the present invention; and Fig. 10 is a block diagram of an alternate embodiment of the present invention.
SC
Description of the Preferred Embodiment In Fig. 1, there is shown generally at 10 an overall system in accordance with the invention. In the embodiment illustrated, the system comprises a meter or PED 12 interacting with a plurality of different centers.
s A first center is a well-known meter-fund resetting center 14 of a type described, for example, in U.S. Patent No. 4,097,923 which is suitable for remotely adding funds to the meter to enable it to continue the operation of dispensing value bearing indicia. (n accordance with the invention there is also established a security or forensic center 16 which may of course be physically located at the resetting center 14 but is shown here separately for ease of understanding. Alternatively, such a security or forensic center could be an entirely separate facility maintained by the Postal Authorities, for instance, or two separate facilities may be maintained in order to provide io levels of security, if desired. The dashed lines in Fig. 1 indicate telecommunication between the meter 12 and the resetting center 14 (andlor forensic center 16).
Typically, there may be an associated meter distribution center 18 which is utilized to simplify the logistics of placing meters with respective is users. Similarly, a business processing center 20 is utilized for the purpose of processing orders for meters and for administration of the various tasks relating to the meter population as a whole.
The meter manufacturer indicated at 22 provides customized meters or PED's to the distribution center 18 after establishing operability with shop 2o checks between the manufacturer and the resetting center 14 and forensic center 16. The meter or PED is unlocked at the user's facility by a customer service representative indicated here by the box 24.
At the resetting center 14 a database 26 relating to meters and meter transactions is maintained. The resetting combinations are generated by a 25 secured apparatus labeled here as the Black Box 28. The details of such 8 resetting arrangement are found in U.S. Patent No. 4,097,92;
Database 30 and a secured encryption generating apparatus, so designated here as Orange Box 32, are maintained at the security or forensic center 16. The orange box preferably uses the DE$ standard encryption techniques to provide a coded output based on the keys and other information in the message string provided to it. It will be understood that other encryption arrangements are known and the invention is not limited to the specific embodiment using DES encryption. The security or forensic center 16, wherever maintained, is preferably connected by telecommunication with any Post Office inspection station, one of which is s indicated here at 34.
Further details are to be found in Canadian Patent Application Serial No. 2,133,67~~, Meter 12, as illustrated, includes a secure clock 40 that is used to io provide a calendar function programmed by the manufacturer. The clock and calendar function cannot be modified by the user. Such clocks are well known and may be implemerited in computer routines or in dedicated chips which provide programmable calendar outputs. Also stored within the registers of the meter 12 are a fund resetting key 42, security key 44, is expiration dates 46 and preferably, an inscription enable flag 48.
Preferably, in order to prevent the breaking of the encrypted messages to be printed by the postage meter, the security key 44 is changed at predetermined intervals as discussed below.
. The security key 44 is used in conjunction with a DES encrypter~in the 2o meter 12 to provide an encryption of certain information in the PRB for each rinting of the PRB on a mailpiece. At each pririting operation, the entire encrypted message may be printed on the mailpiece. However, preferably the cipher, hereafter referred to herein as an ECODE (also referred to as a digital token) is a truncated ciphertext produced by DES encryption of the 2s message based on postage information available to the meter. Verification at the security center consists of verifying that the encrypted information is consistent with~the ECODE.
If automatic checking of the ECODE is desired, both the ECODE and the plaintext must be machine readable. A typical length of plaintext 3o information is, for example only and not by way of limitation, the sum of the meter ID (typically 7 digits), a date (preferably 2 digits, suitably the last 2 of the number of days from a predetermined starting date such as January 1 ), the postage amount (4 digits), and the piece count for a typical total of 16 digits. Reading devices for lifting the information either from a bar-code on the mailpiece or as OCR are well-known and will not be further discussed.
A DES block is conventionally 64-bits long, or approximately 20 decimal digits. A cipher block is an encryption of 64 bits of data. It will be s appreciated that other information may be selected and that less than the information provided here may be encrypted in other embodiments of the invention. It is however important to note that the information to be encrypted must be identical to that used in verification. To this end the plaintext message may include data which indicates the particular information which is io encrypted. This may take the form of an additional character, additional bar coding or a marking on the mailpiece as may be found desirable.
If desired, a second ECODE could be printed using a DES key from a set of keys PS-DES known to the Postal Service. Alternatively the Postal Service could elect to manage its own set of keys as described in connection Is with the key management system described below.
In a first embodiment, as shown in Figs. 2a and 2b, the plaintext is encrypted using one of the keys from PS-DES. The Postal Service uses the same key from the set PS-DES to verify the message. A higher level of security is provided by the second ECODE.
2o In a second embodiment, two ECODEs are generated and printed on the mailpiece, one using a PS-DES key provided by the Post Service and the other using a Vendor-DES key provided, for example, by the manufacturer or security center. The Postal Service can then verify the message using its own code generating and key management system while the vendor can 2s separately verify the validity of the message using the ECODE generated using its separate key system. Figs. 3a and 3b show the format of this second embodiment.
Fig. 4 shows an arrangement for managing meter master keys as disclosed in Canadian Patent Application Serial No. 2,133,679, previously 3o noted. First a large, fixed set of predetermined keys KP~ed's is generated, at step 400. As seen below, the system S in accordance with the invention comprises a set of pointers {p}, a set of keys indexed by the pointer {keyp}
and a map F or generating algorithm from the set of meter ID's {M} to the set of pointers. Thus:
S = ( F, {p}, keyp} ) is the system F: {M} -> {p}
s and F(M) = F(meter ID) = p finds the pointer to the key for a given meter M.
Thus, returning to Fig. 4, as an example, the set of pointers {p} which may be the integers from 1 to 1000, are created from meter parameters, at io step 405. The function F may be then chosen as, again for example, the DES
encryption of meter ID using a DES key K, preferably truncated to three digits, at step 410 and a look-up table is generated, at step 415. It will be understood that other functional relationships may be chosen. The look-up table comprises a set of meter ID's and their assigned pointers. For the is greatest security, it will be appreciated that the relationship between a pointer p and the corresponding key should not be easily discoverable nor should the relationship between the pointer and the meter ID. It will also be understood that the function F should be maintained in secret.
Referring now to Figs. 5 and 9, the preferred embodiment of the 2o present invention is shown. At step 420, using the meter ID of a specific meter in the look-up table, the corresponding ICP~~ is stored in the meter. At step 430, a date dependent key Kdd is generated from the predetermined key !(P,~ by encrypting the date with KP~~, to yield the Kdd for the meter. At step 435, a unique meter identifier, such as a meter serial number, is encrypted 2s with the date dependent key Kdd to produce a unique key Kf~a~ for the meter.
The meter generates digital tokens using its unique key l4nal.
Referring now to FIGs. 6 and 10, an alternate embodiment of the meter operation is shown. At step 470, a unique meter identifier, such as a meter serial number, is encrypted with the predetermined master key KP~ed to yield a unique key Kr,~a~ for the meter. The unique meter key Kh~a~ is stored in the meter at step 475. ICfnal is used to generate a date dependent key Kdd in the meter by encrypting the date with Kf~a, to produce date dependent key Kdd.
Referring now to Fig. 7, the data center operation for the preferred s embodiment is shown. At step 450, the date is encrypted with each predetermined master key Kp,ed to yield a table of date dependent keys 14,d 's.
At step 455, the data center distributes the table of Kdd 's to each of the verification sites for use in verifying digital tokens generated by the meters.
Referring now to Fig. 8, a verification process is shown using the key to management system in accordance with the present invention. In order to verify a mailpiece, the meter ID number printed on the mailpiece is read at step 500. At step 510, using the meter ID number a date dependent key Kdd is found in the table of Kdd's distributed by the data center. The key is found using the lookup table or algorithm F from the given meter number. At step is 515, the identical unique meter data that was used by the meter to obtain the meter's unique key Kf~al is encrypted with the date dependent key Kdd. At step 520, the identical plaintext information used to create the ECODE is now encrypted at the security center using Kr,~a,, and the result is compared with the code printed on the mailpiece, at step 530. If there is a match at decision 2o at step 540, the mailpiece is valid. If not the NO branch will trigger an alarm.
Returning for the moment to Fig. 2a and Fig. 3a, the Postal Service is able in these embodiments to obtain the PS-DES pointer directly from the indicia without using the process shown in Fig. 8. In the cases illustrated in Figs. 2b and 3b, the DES pointer is obtained by using a predetermined 2s algorithm applied to the information printed in the PED ID as described in connection with Fig. 8.
While the present invention has been disclosed and described with reference to the embodiments disclosed herein, it will be apparent that variations and modifications may be made therein. It is, thus, intended in the 3o following claims to cover each variation and modification that falls within the true spirit and scope of the present invention.
Claims (8)
1. A method for key management for controlling the keys used in encoding information to be printed on a mailpiece for validating the mailpiece, the method comprising the steps of:
generating a plurality of keys K to obtain a fixed key set K pred(1-n);
assigning one of said plurality of keys K pred to a particular postage meter M by means of a determined relationship associated with the postage meter, said relationship being derived as a predetermined function F(M) corresponding to the particular postage meter;
encrypting said assigned key K pred with a date to obtain an assigned date dependent key K dd; and combining the assigned date dependent key K dd with information unique to the particular postage meter M uni to produce a final key K final for the particular postage meter M, such that K final = f(K dd, M uni).
generating a plurality of keys K to obtain a fixed key set K pred(1-n);
assigning one of said plurality of keys K pred to a particular postage meter M by means of a determined relationship associated with the postage meter, said relationship being derived as a predetermined function F(M) corresponding to the particular postage meter;
encrypting said assigned key K pred with a date to obtain an assigned date dependent key K dd; and combining the assigned date dependent key K dd with information unique to the particular postage meter M uni to produce a final key K final for the particular postage meter M, such that K final = f(K dd, M uni).
2. The method of claim 1 wherein said determined relationship associated with the postage meter is a pointer p associated with the particular postage meter M, said pointer p being derived as a function F(M) corresponding to predetermined parameters of the particular postage meter M.
3. The method of claim 1 further comprising the steps of:
encrypting a date with each K pred in said fixed key set K pred(1-n) to yield a table of date dependent keys K dd(1-n), and distributing said table of date dependent keys K dd(1-n) to verification sites.
encrypting a date with each K pred in said fixed key set K pred(1-n) to yield a table of date dependent keys K dd(1-n), and distributing said table of date dependent keys K dd(1-n) to verification sites.
4. A method for key management for controlling the keys used in encoding information to be printed on a mailpiece for validating the mailpiece, the method comprising the steps of:
generating a plurality of keys K to obtain a fixed key set K pred(1-n);
assigning one of said plurality of keys K pred to a particular postage meter M by means of a determined relationship associated with the postage meter, said relationship being derived as a predetermined function F(M) corresponding to the particular postage meter;
combining the assigned key K pred with information unique to the particular postage meter M uni to produce a final key K final for the particular postage meter M, such that K final = f(K pred, M uni); and storing said final key K final in the particular postage meter M.
generating a plurality of keys K to obtain a fixed key set K pred(1-n);
assigning one of said plurality of keys K pred to a particular postage meter M by means of a determined relationship associated with the postage meter, said relationship being derived as a predetermined function F(M) corresponding to the particular postage meter;
combining the assigned key K pred with information unique to the particular postage meter M uni to produce a final key K final for the particular postage meter M, such that K final = f(K pred, M uni); and storing said final key K final in the particular postage meter M.
5. The method of claim 4 comprising the further steps of:
encrypting said final key K final with a date to obtain a date dependent key K dd for the particular meter M; and storing said date dependent key K dd in the particular meter M.
encrypting said final key K final with a date to obtain a date dependent key K dd for the particular meter M; and storing said date dependent key K dd in the particular meter M.
6. The method of claim 4 wherein said determined relationship associated with the postage meter is a pointer p associated with the particular postage meter M, said pointer p being derived as a function F(M) corresponding to predetermined parameters of the particular postage meter M.
7. A method for key management for controlling the keys used in encoding information to be printed on a mailpiece for validating the mailpiece, the method comprising the steps of:
generating a plurality of keys K to obtain a fixed key set K pred(1-n);
assigning one of said plurality of keys K pred to a particular postage meter M by means of a determined relationship associated with the postage meter, said relationship being derived as a predetermined function F(M) corresponding to the particular postage meter;
installing the assigned key K pred in the particular postage meter M;
encrypting said assigned key K pred with a date to obtain an assigned date dependent key K dd; and combining the assigned date dependent key K dd with information unique to the particular postage meter M uni to produce a final key K final for the particular postage meter M, such that K final = f(K dd, M uni).
generating a plurality of keys K to obtain a fixed key set K pred(1-n);
assigning one of said plurality of keys K pred to a particular postage meter M by means of a determined relationship associated with the postage meter, said relationship being derived as a predetermined function F(M) corresponding to the particular postage meter;
installing the assigned key K pred in the particular postage meter M;
encrypting said assigned key K pred with a date to obtain an assigned date dependent key K dd; and combining the assigned date dependent key K dd with information unique to the particular postage meter M uni to produce a final key K final for the particular postage meter M, such that K final = f(K dd, M uni).
8. A method for key management for controlling keys used in the verification of encoded information printed on a mailpiece, the method comprising the steps of:
generating a plurality of keys K to obtain a fixed key set K pred(1-n);
encrypting a date with each K pred in said fixed key set K pred(1-n) to yield a table of date dependent keys K dd(1-n);
distributing said table of date dependent keys K dd(1-n) to verification sites;
reading plaintext information printed on a mailpiece, said plaintext information including a meter ID identifying a particular postage meter M;
finding a date dependent key K dd corresponding to the particular postage meter M by means of a determined relationship associated with the postage meter, said relationship being derived as a predetermined function of said meter ID;
encrypting said meter ID with said date dependent key K dd to obtain a final key K final;
encrypting at least some part of the plaintext information using said final key K final to obtain a code;
comparing said code with encoded information printed on the mailpiece; and validating the mailpiece when said code matches said encoded information.
generating a plurality of keys K to obtain a fixed key set K pred(1-n);
encrypting a date with each K pred in said fixed key set K pred(1-n) to yield a table of date dependent keys K dd(1-n);
distributing said table of date dependent keys K dd(1-n) to verification sites;
reading plaintext information printed on a mailpiece, said plaintext information including a meter ID identifying a particular postage meter M;
finding a date dependent key K dd corresponding to the particular postage meter M by means of a determined relationship associated with the postage meter, said relationship being derived as a predetermined function of said meter ID;
encrypting said meter ID with said date dependent key K dd to obtain a final key K final;
encrypting at least some part of the plaintext information using said final key K final to obtain a code;
comparing said code with encoded information printed on the mailpiece; and validating the mailpiece when said code matches said encoded information.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US08/742,526 | 1996-11-01 | ||
| US08/742,526 US5805701A (en) | 1996-11-01 | 1996-11-01 | Enhanced encryption control system for a mail processing system having data center verification |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CA2219857A1 CA2219857A1 (en) | 1998-05-01 |
| CA2219857C true CA2219857C (en) | 2005-01-11 |
Family
ID=24985176
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002219857A Expired - Fee Related CA2219857C (en) | 1996-11-01 | 1997-10-31 | Enhanced encryption control system for a mail processing system having data center verification |
Country Status (4)
| Country | Link |
|---|---|
| US (1) | US5805701A (en) |
| EP (2) | EP0840258B1 (en) |
| CA (1) | CA2219857C (en) |
| DE (2) | DE69739293D1 (en) |
Families Citing this family (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6671813B2 (en) | 1995-06-07 | 2003-12-30 | Stamps.Com, Inc. | Secure on-line PC postage metering system |
| GB9704159D0 (en) * | 1997-02-28 | 1997-04-16 | Neopost Ltd | Security and authentication of postage indicia |
| US7743412B1 (en) * | 1999-02-26 | 2010-06-22 | Intel Corporation | Computer system identification |
| US6847951B1 (en) | 1999-03-30 | 2005-01-25 | Pitney Bowes Inc. | Method for certifying public keys used to sign postal indicia and indicia so signed |
| US6704867B1 (en) | 1999-03-30 | 2004-03-09 | Bitney Bowes, Inc. | Method for publishing certification information representative of selectable subsets of rights and apparatus and portable data storage media used to practice said method |
| US6738899B1 (en) | 1999-03-30 | 2004-05-18 | Pitney Bowes Inc. | Method for publishing certification information certified by a plurality of authorities and apparatus and portable data storage media used to practice said method |
| CA2331484C (en) * | 1999-10-15 | 2004-12-07 | Ascom Hasler Mailing Systems, Inc. | Technique for effectively generating postage indicia using a postal security device |
| WO2001045051A1 (en) * | 1999-10-18 | 2001-06-21 | Stamps.Com | Postal system intranet and commerce processing for on-line value bearing system |
| US6868406B1 (en) | 1999-10-18 | 2005-03-15 | Stamps.Com | Auditing method and system for an on-line value-bearing item printing system |
| AU1571101A (en) * | 1999-10-18 | 2001-04-30 | Stamps.Com | Role assignments in a cryptographic module for secure processing of value-bearing items |
| EP1224630A1 (en) | 1999-10-18 | 2002-07-24 | Stamps.Com | Method and apparatus for on-line value-bearing item system |
| US6473743B1 (en) * | 1999-12-28 | 2002-10-29 | Pitney Bowes Inc. | Postage meter having delayed generation of cryptographic security parameters |
| WO2001061652A2 (en) | 2000-02-16 | 2001-08-23 | Stamps.Com | Secure on-line ticketing |
| US7756795B2 (en) | 2000-12-27 | 2010-07-13 | Pitney Bowes Inc. | Mail piece verification system |
| US7707124B2 (en) * | 2000-08-28 | 2010-04-27 | Pitney Bowes Inc. | Mail piece verification system having forensic accounting capability |
| US6868407B1 (en) * | 2000-11-02 | 2005-03-15 | Pitney Bowes Inc. | Postage security device having cryptographic keys with a variable key length |
| US9779556B1 (en) | 2006-12-27 | 2017-10-03 | Stamps.Com Inc. | System and method for identifying and preventing on-line fraud |
| US8510233B1 (en) | 2006-12-27 | 2013-08-13 | Stamps.Com Inc. | Postage printer |
Family Cites Families (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4605820A (en) * | 1983-11-10 | 1986-08-12 | Visa U.S.A. Inc. | Key management system for on-line communication |
| GB2173738B (en) * | 1985-04-19 | 1989-07-12 | Roneo Alcatel Ltd | Secure transport of information between electronic stations |
| NL8501211A (en) * | 1985-04-29 | 1986-11-17 | Philips Nv | KEY STORAGE AND DISTRIBUTION SYSTEM FOR CRYPTOGRAPHICALLY SECURE COMMUNICATION. |
| US4853961A (en) * | 1987-12-18 | 1989-08-01 | Pitney Bowes Inc. | Reliable document authentication system |
| US4893338A (en) * | 1987-12-31 | 1990-01-09 | Pitney Bowes Inc. | System for conveying information for the reliable authentification of a plurality of documents |
| US4935961A (en) * | 1988-07-27 | 1990-06-19 | Gargiulo Joseph L | Method and apparatus for the generation and synchronization of cryptographic keys |
| US5878136A (en) * | 1993-10-08 | 1999-03-02 | Pitney Bowes Inc. | Encryption key control system for mail processing system having data center verification |
| US5390251A (en) * | 1993-10-08 | 1995-02-14 | Pitney Bowes Inc. | Mail processing system including data center verification for mailpieces |
| US5812666A (en) * | 1995-03-31 | 1998-09-22 | Pitney Bowes Inc. | Cryptographic key management and validation system |
| US5696829A (en) * | 1995-11-21 | 1997-12-09 | Pitney Bowes, Inc. | Digital postage meter system |
-
1996
- 1996-11-01 US US08/742,526 patent/US5805701A/en not_active Expired - Fee Related
-
1997
- 1997-10-31 CA CA002219857A patent/CA2219857C/en not_active Expired - Fee Related
- 1997-10-31 DE DE69739293T patent/DE69739293D1/en not_active Expired - Fee Related
- 1997-10-31 EP EP97119056A patent/EP0840258B1/en not_active Expired - Lifetime
- 1997-10-31 EP EP07004897A patent/EP1788529B1/en not_active Expired - Lifetime
- 1997-10-31 DE DE69738636T patent/DE69738636T2/en not_active Expired - Lifetime
Also Published As
| Publication number | Publication date |
|---|---|
| DE69738636T2 (en) | 2009-06-04 |
| EP0840258A3 (en) | 2000-05-10 |
| EP1788529A3 (en) | 2007-09-05 |
| EP0840258A2 (en) | 1998-05-06 |
| EP1788529B1 (en) | 2009-03-04 |
| EP1788529A2 (en) | 2007-05-23 |
| CA2219857A1 (en) | 1998-05-01 |
| EP0840258B1 (en) | 2008-04-16 |
| DE69738636D1 (en) | 2008-05-29 |
| DE69739293D1 (en) | 2009-04-16 |
| US5805701A (en) | 1998-09-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US5878136A (en) | Encryption key control system for mail processing system having data center verification | |
| CA2133497C (en) | Mail processing system including data center verification for mailpieces | |
| CA2222662C (en) | System and method of verifying cryptographic postage evidencing using a fixed key set | |
| CA2219857C (en) | Enhanced encryption control system for a mail processing system having data center verification | |
| US4757537A (en) | System for detecting unaccounted for printing in a value printing system | |
| US5448641A (en) | Postal rating system with verifiable integrity | |
| CA2137403C (en) | Electronic data interchange postage evidencing system | |
| CA2173008C (en) | Cryptographic key management and validating system | |
| US5661803A (en) | Method of token verification in a key management system | |
| EP0331352B1 (en) | Franking system | |
| US6480831B1 (en) | Method and apparatus for securely transmitting keys from a postage metering apparatus to a remote data center | |
| EP0735719B2 (en) | Method for providing secure boxes in a key management system | |
| US6073125A (en) | Token key distribution system controlled acceptance mail payment and evidencing system | |
| US6230149B1 (en) | Method and apparatus for authentication of postage accounting reports | |
| CA2172861C (en) | Method of manufacturing generic meters in a key management system | |
| EP1107506B1 (en) | Method and system for generating messages including a verifiable assertion that a variable is within predetermined limits | |
| US6938023B1 (en) | Method of limiting key usage in a postage metering system that produces cryptographically secured indicium | |
| US6813614B2 (en) | Method for re-keying postage metering devices | |
| WO2000055817A1 (en) | Improvements relating to postal services |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| MKLA | Lapsed |