WO2005006155A2 - Secure system for conducting postal service transactions and method for use thereof - Google Patents

Abstract

Featured are systems and methods for creating digital signatures. More particularly, there is featured a method for facilitating online commerce including issuing an electronic commerce card to a customer during a registration phase, the commerce card having a customer account number and a customer-related secret associated therewith and generating at the customer, during an online commerce transaction phase, a proxy number suitable for the online commerce transaction. The proxy number being generated resembles the customer account number; and embedded therein is a code number derived at least in part on the customer-related secret and an associated date and time stamp.

Description

SECURE SYSTEM FOR CONDUCTING POSTAL SERVICE TRANSACTIONS AND METHOD FOR USE THEREOF

This application claims as priority U.S. Provisional Patent Applications 60/478985 filed 6/ 14/03 entitled "Secure System for Processing Digital Signatures and Method for Use Thereof," 60/492,774 filed 8/04/03 entitled "Secure System for Processing Digital Signatures Using Clock Signal Activation and Private Key Transfer," 60/499,761 filed 9/02/03 entitled "Secure System for Processing Digital Signatures Using Clock Signal Activation and Secret Key Transfer," 60/500,897 filed 9/04/03 entitled "Secure System for Processing Digital Signatures Using Clock Signal Activation and Secret Key Transfer," 60/504,913 filed 9/22/03 entitled "Secure System for Processing Digital Signatures Using System Clock Activation and Secret Key Transfer, and 60/506,115 filed 9/25/03 entitled "Secure System for Processing Digital Signatures and Method for Use Thereof."

FIELD OF INVENTION

The present invention is related to a system and associated method for conducting an electronic commerce transactions, more particularly postal service transactions involving stamps and labels (e.g. 2-Part Fluorescent Shipping Labels) and also to the methods, systems and machines for generating, issuing, printing, tracking and authorizing the usage of such stamps and labels in conjunction with the delivery of deliverable items.

BACKGROUND

This invention was inspired by the events surrounding September 11, 2001 and the subsequent problems arising from acts of bio-terrorism involving the injection of the deadly chemical agent Anthrax into the U.S. mail system.

In an effort to protect the public, the U.S. Postal Service has primarily focused its efforts on means of killing Anthrax spores once they've entered the postal system. An example of this is the use of irradiation machines to heat up pieces of mail as they are identified and sorted at various points along the way to their final delivery.

There are several negatives to this approach. One is the fact that these radiation machines tend to be expensive. Another is concern that applying radiation to mail can cause film, to be exposed, sensitive electronics to be damaged, prescription drugs to be weakened, and food to be cooked. Another is the added time it takes for mail to be delivered because of the time required to carry out irradiation. Still another has been the reports of illness resulting from people being subjected to noxious gases formed by the release of hydrocarbons from irradiated paper. The negatives have caused some to suggest that use of radiation should be limited to only those packages identified as "suspicious."

Adding to the problem brought by bio-terrorism is the continuing budget woes faced by the USPS. The mounting losses likely make it impossible for the USPS to absorb any new operating costs without hiking the price of postage. At the same time, failing to effectively deal with the threat of Anthrax-laden mail and other potential acts of terrorism only threatens to push the USPS deeper into the red. The financial woes have only been worsened by the time and money spent in what has been a fruitless search to identify and locate the person or persons responsible for the Anthrax mailings.

The truth is the irradiation of mail does not address the real problem highlighted by the mailings. That problem is the relative anonymity with which terrorists and criminals are able to exploit the U.S. postal system knowing there is little or no chance of being connected to a suspect letter or package or more specifically the stamp or label used in mailing the letter or package.

Accordingly, it is desirable to provide a means by which a stamp or label used in conjunction with a mailed letter or package is able to be securely generated and issued, precisely tracked during the sorting and delivery process, and reliably authenticated and authorized prior to final delivery so as to offer mail recipients protection against those who would coirimit crimes behind a veil of anonymity. In addition, it is further desirable to provide a means by which a stamp or label used in conjunction with a mailed letter or package is able to be authorized similar to a credit or debit card so as to facilitate real-time postage pricing whereby postal service customers (users) pay rates based upon the actual amount of time required for delivery. Instituting real-time postage pricing based upon for example a sliding rate scale would also serve the public by establishing a built-in incentive for the postal service to maximize the efficiency and speed with which mail gets delivered.

Note that while the invention may be ideally suited for use in conjunction with a postal service system and the mailing of deliverable items as well as other described alternative embodiments, it is to be understood that one or more of the innovations disclosed herein are likely to be generally applicable to other digital data environments and applications not necessarily involving deliverable items or the other described alternative embodiments. The invention is also not to be limited by use of the description "user digital signature" and may in fact be implemented on behalf of entities other than individual users (e.g. companies including shippers and mass mailers, clubs, groups, governmental bodies, etc.).

SUMMARY OF THE INVENTION The present invention provides for the enhancement of security and efficiency for postal service transactions through use of a transaction identification number (TIN) capable of operating as a proxy or "limited use" user account number (e.g. credit or debit card, checking, social security, business customer account, etc.) and also as a user digital signature. For transactions involving the delivery of deliverable items (e.g. letters and packages), the invention further provides for various embodiments in which the user digital signature is able to be printed or affixed to and machine readable from preprinted stamps, labels (e.g. 2-Part Fluorescent Shipping Label, Express Mail Label, etc.), metered mail, postage meter strips, postage meter stamps, and the physical surface of envelopes (e.g. electronic stamps) or packages in response to individual demand requests made through public vending machines, over postal service branch or agent counters, or across network connections such as the Internet.

According to one embodiment of the invention, the runtime cycle of an application operating in response to a user request from a user computerized device is used as a measure for signaling the start of the digital signing process. Another embodiment is provided in which the runtime cycle of a microprocessor is used as a measure for signaling the start of the digital signing process.

According to another embodiment, a first party (sender) is able to mail a deliverable item to a second party (recipient) or parties wherein a TIN comprising the recipient's name, mailing address and other information is useful as a means for authenticating the accuracy of the name and address, helping direct the item through the postal service to final delivery, and providing information useful at the point of authorization.

According to another embodiment, a TIN comprising the sender's return address and other information is able to be authenticated as part of the authorization process in addition to other shared secret information not presented at the time of authorization and known only by the sender and the card issuer or agent.

According to another embodiment, a TIN comprising the sender's return address and other information is able to be machine read and authorized for payment at a point prior to delivery wherein all pertinent available information is considered in determining the price of mailing or shipment. Of vital importance to price determination is the date and/ or time stamp appearing in association with the TIN which is able to be compared to the present date and time as a matter of calculating the time passed since the date and time stamp was generated and affixed.

According to another embodiment, in the event of a return exercised by a recipient or on behalf of a recipient a TIN comprising the sender's return address and other information is able to be machine read and authorized for return shipment provided the return is initiated with a prescribed window of time per the governing polices and practices. Another embodiment provides that returns initiate beyond such a prescribed window of time would require the use of a return label or other means in which case such return label could in one example be enabled with a TIN comprising the sender's or another party's name, address and other information.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an example of one embodiment of the TIN in the form of a 16- digit proxy account number (e.g. credit or debit card account) with an embedded message authentication code (MAC) and associated date and/ or time stamp.

FIG. 2 illustrates an embodiment of that aspect of the invention involved with the creation of an embedded MAC from various input parameters.

FIG. 3 illustrates components of a system in accord with an embodiment of the present invention for postal service transactions.

FIG. 4 is an illustration useful in describing that aspect of the invention involved with the use of the runtime cycle of an application (e.g. stamp and label printing software, etc.) as a measure for signaling the start of a process involving the creation and application of digital signatures. FIG. 5 illustrates an embodiment of the invention involved with the use of a runtime cycle of a microprocessor as a measure for signaling the start of a process involving the creation and application of digital signatures.

FIG. 6 illustrates steps involved with one embodiment of a method for using the runtime cycle of an application (e.g. stamp and label printing software, etc.) as a measure for signaling the start of a process involving the creation and application of digital signatures.

FIG. 7 illustrates steps involved with one embodiment of a method for using clock signal activation as a means for signaling the start of a process involving the creation and application of digital signatures.

DETAILED DESCRIPTION OF THE INVENTION INCLUDING THE PREFERRED EMBODIMENTS

FIG. 1 illustrates an example of one embodiment of a transaction identification number (TIN) in the form of a 16-digit proxy account number (e.g. credit or debit card account) with an embedded message authentication code (MAC) and an associated date stamp and time stamp.

The example shown includes a single-digit lead-in identifier useful in identifying the card network (e.g. Visa or Mastercard), a seven-digit bank identification number (BIN) useful in identifying the card issuer, a four-digit user (customer) identification number, and a single-digit checksum compliant with conventional card network operations.

The TIN as illustrated represents an improvement to similar proxy account numbers contained in existing and pending U.S. patents. For the purpose of this application incorporated by reference is U.S. Patent 6,000,832 entitled "Electronic online commerce card with customer generated transaction proxy number for online transactions."

Alternative embodiments of the present invention provide for various combinations comprising one or more of the featured identifiers in varying order and for those identifiers to inhabit varying lengths of fields that could have a total length equal to, less than, or greater than 16 digits.

For example, one alternative embodiment could involve a TIN comprising a user identifier portion, a multiple-digit MAC portion, and an associated date stamp and time stamp. This would be applicable in the scenario in which the TIN would not be required to conform to the attributes of a proxy credit or debit card number for the purpose of facilitating electronic payment.

Another example is an alternative embodiment in which the date stamp might take the form of a year expressed in terms of "99" instead of the illustrated "1999" and a time stamp expressed in hours and minutes instead of the illustrated "120000" showing hours, minutes and seconds. Another alternative embodiment provides for milliseconds or other fractional time representations to be included. There is also the possibility of either just a date stamp or a time stamp.

The TIN might also include other information fields for identifiers not featured. For example, one alternative embodiment could involve a merchant and/ or agent identifier portion (e.g. shipper, carrier, pack 'n ship retailer, etc.) in addition to other identifier portions such as a transaction authorization number or distribution code comprising information identifying the specific location, PC or vending machine from which a particular TIN was issued.

The various ways to limit the form and use of the TIN is subject only to practical considerations and the writing of application software to operate the system with such limitations.

FIG. 2 illustrates an embodiment of that aspect of the invention involved with the creation of a MAC from various input parameters. The MAC is generated as a function of various inputs from a list including a user private or secret key, user-specific information (e.g. name, account number, password or other shared secret, etc.) and transaction specific data [e.g. merchant ID, goods or service IDs, location code (e.g. zip plus four), vending machine code, postal counter agent code, height, width, depth, weight, density, date and/or time of transaction, etc.]. In addition to the above examples of user-specific information being used in the formation of a MAC, there is also an embodiment involving the input of bio-metric information either previously stored to memory or gathered as part of an ongoing electronic commerce transaction. One embodiment involves the use of a computerized device (e.g. smart card) enabled with an integrated bio-metric sensor with means of creating a real-time digital scan of a thumb or fingerprint and comparing the result to a scan securely stored within the smart card. Another embodiment involves the creation of a real-time digital scan of a thumb or fingerprint and transferring the result for second or third party verification during the course of an electronic commerce transaction. An example of prior art describing a device capable of performing such a function is U.S. Patent Application 20020095587 filed January 17, 2001 and entitled "Smart card with integrated bio-metric sensor."

Various types of bio-metric information (e.g. retina scan, facial scan, digital photograph and video, etc.) and various means for incorporating such information for use with the present invention will be obvious to those skilled in the art.

The alternatives involving the input of bio-metric information makes another embodiment possible in which no private key is used to render the MAC, only one or more of other various inputs. Each of the above described embodiments represent improvements over those embodiments described in U.S. Patent 6,000,832.

FIG. 3 illustrates components of a system in accord with an embodiment of the present invention for conducting postal service transactions. Central to this system is Card Issuer or Agent Host Computer(s) 300 in which those processes are housed to meet the various requirements of the invention. Preferably, the postal service fulfills the role of Agent. The Agents might include other types of card-issuers, such as credit card companies, card sponsoring companies, or third party issuers under contract with financial institutions (e.g. postal service or agent). In addition, other participants may be involved in some phases of the transaction such as intermediary settlement institutions collectively represented as Bank Network 312.

Operating in conjunction with Card Issuer or Agent Host Computer(s) 300 is an account manager and a user database. The account manager is preferably implemented in software that executes on Card Issuer or Agent Host Computer(s) 300, such as a relational database that manages the user database. Also operating in conjunction with Card Issuer or Agent Host Comρuter(s) 300 is a Transaction Number Identifier, a MAC Coding Unit and Comparator, and a traditional Processing System.

Card Issuer or Agent Host Computer(s) 300 connects via IVR (Interactive Voice Response Unit) 301 and Wired and/or Wireless Telecommunications Network 303 to Telephone Transceiver 305; connects via Server 302 and Telecommunications Network 303 and Internet 304 to Computerized Device(s) 306 and Smart Card 307 in the case of web-based communications; connects via Server 302 and Telecommunications Network 303 to Computerized Device(s) 306 and Smart Card 307 in the case of direct dial-up connections; connects via Bank Network 312 and Wired and/or Wireless Telecommunications Network 303 to Merchant or Agent Host Computer(s) 311; connects via Bank Network 312 and Wired and/ or Wireless Telecommunications Network 303 to IVR 309 and Merchant or Agent Host Computer(s) 311; connects via Bank Network 312 and Wired and/ or Wireless Telecommunications Network 303 and Internet 304 to Server(s) 310 and Merchant or Agent Host Computer(s) 311.

Note that the system illustrated in FIG. 3 may be further adapted to take the form of other types of networks such as an interactive cable or satellite television network.

Computerized Device(s) 306 can take various forms (e.g. personal, laptop or notebook computer, personal digital assistant, set-top box, media player and/ or recorder, digital telephone, etc.) any of which may be enabled with an integrated bio-sensor or microphone per the additional embodiments outlined above for the creation of a digital signature involving a digital image of a finger or thumbprint or voice scan. Computerized Device(s) 306 also comprises a printer capable of performing the functions required by the invention. According to one embodiment, Computerized Device(s) 306 runs an operating system capable of supporting multiple applications. Preferably, the operating system is multitasking, allowing simultaneous execution of multiple applications in a graphical user interface (GUI) environment, included among the applications a web browser preferably enabled for use of web services programming languages (e.g. Extensible Markup Language (XML). The operating system includes a key store to securely hold one or more private or secret keys used for encryption, decryption, digital signing, and other cryptographic functions. The key store is a password-protected storage location that grants access upon entry of an appropriate password. The user preferably selects the password as part of the registration process.

Several software components are stored in memory contained within Computerized Device 306 in addition to the browser. They include a registration module and a MAC coding unit as illustrated in FIG. 2. The registration module and MAC coding unit may be supplied to the user during the registration process.

Smart Card 307 preferably incorporates a personal digital signature device in which those processes are housed to meet the various requirements of the invention. U.S. Patent 6,408,388 describes an embodiment of a "Personal date/time device" and is hereby included by reference. Smart Card 307 is able to be carried by a user for the purposes of carrying out the functions of the invention "in store" from Point of Sale Temiinal 308 and Postal Service or Agent Host Computer(s) 311. Alternatively, Smart Card 307 is also able to operate in conjunction with User Computerized Device(s) 306 in carrying out the various functions of the invention.

Telephone Transceiver 305 is useful as a means for a user to connect via Wired and/or Wireless Telecommunications Network 304 to IVR 309 and Host Computer(s) 311 and IVR 301 and Card Issuer or Agent Host Computer(s) 300 for the purpose of recording and storing a user voice for the creation of a bio- metric digital scan if needed.

Telephone Transceiver 305 is also useful as a means for a user to connect via Wired and/or Wireless Telecommunications Network 304 to IVR 309 for the purpose placing an order for stamps or labels by telephone. In this instance, the stamp and label printing software is preferably forwarded to the user out of band in the form of a CD or DVD. Alternatively, the software could be downloaded to the user online.

Telephone Transceiver 305 is also useful as a means for a user to connect via Wired and/ or Wireless Telecommunications Network 304 to IVR 309 or alternatively to IVR 301 for the purpose of registering as a participant in conjunction with the present invention. In accord with an embodiment of the system illustrated as part of FIG. 3, the present invention is implemented using custom-written applications in the form of software modules operating in conjunction with Card Issuer or Agent Host Computer(s) 300 and Computerized Device(s) 306 and Smart Card 307. The custom-written application is issued to users via download or out of band via disk for use with Computerized Device(s) 306 and Smart Card 307 or alternatively it can be packaged as part of an operating system or other product. If needed an upgrade is capable of being similarly issued to users for the purpose of making the browser operating in conjunction with Computerized Device(s) web-services language enabled.

Operating in conjunction with Host Computer(s) 311 and Server (s) 310 are custom-written applications supporting a DRM system capable interacting with Computerized Device 306 using a common web-services language. Preferably, the DRM system also makes use of the "Handle System" for resolving web pages displaying information pertaining to specific digital content identified using DOIs.

U.S. Patent 6,000,832 describes three distinct phases suitable for the present invention; a registration phase, a transaction phase, and a payment- authorization phase. In addition the present invention includes a printing phase, and a pre-authorization phase. The registration phase and payment-authorization phase of the present invention follow closely with the methodology and steps outlined in U.S. Patent 6,000,832. The noticeable exception being the generation and printing or affixing of a date and/ or time stamp in association with the TIN either before or during the pre-authorization phase.

Transaction Phase

According to one embodiment involving a web-based transaction, during the transaction phase the user invokes the browser to surf the Web in order to connect to the postal service or agent web site operating in conjunction with Server(s) 310 and Host Computer(s) 311. Server(s) 310 obtains information from Host Computer(s) 311 for display at Computerized Device(s) 306 via the web browser. When a user makes a selection, Host Computer(s) 311 responds with a request for a user digital certificate. Preferably, the user is able to select the digital certificate of the credit or debit card they wish to use. The digital certificate, with the credit or debit card number as one of its attributes, is encrypted with the user's private key. The certificate is transferred to the postal service or agent who then redirects the certificate to Bank Network 112 with required merchant information. Preferably, Bank Network 112 uses the available information to locate the user's public key and decrypt the certificate wherein the card number is submitted for pre-authorization as a matter of securing the various protections offered through the credit card industry. According to one embodiment, if pre-authorization is unsuccessful, then the transaction is terminated and the appropriate messages returned to the content provider or agent and the user. If pre-authorization is successful, the card issuer or agent generates a trusted date stamp and time stamp, updates attribute information as required (e.g. credit limit), signs the certificate with its own private key, and returns the certificate to the postal service or agent who then redirects the certificate back to the user. Preferably, receipt of the signed certificate by Computerized Device(s) 306 results in the retrieval of the bank's public key from storage in order to authenticate the signed date stamp and time stamp.

According to one embodiment, if authentication is unsuccessful, the date stamp and time stamp is considered untrustworthy and is discarded and the possibility of a trusted relationship abandoned by the user. On the other hand, if authentication is successful, the date stamp and time stamp is considered trusted and as a result vouches for the trastwori±tiness of the postal service or agent. Preferably, this results in the CPU signaling the custom-written application. Alternatively, the user opens the custom-written application by clicking on a special button appearing on the GUI of the browser to invoke a wizard to guide the user through the steps of generating a TIN suitable for the transaction. A dialog box opens up on screen and requests entry of the user's password. The user types in the password. The operating system checks the password prior to allowing access to the key store. If the password is approved, the user is prompted again. The dialog box may also request entry of various transaction-specific data. According to one embodiment, this includes the size and weight of the letter or package that had been placed on a scale. Preferably, the wizard software automatically collects the transaction-specific data appearing in conjunction with the order form. Additionally, one or more of the above detailed steps could be eliminated by use of a user software agent (e.g. electronic wallet). The step of password entry might also be eliminated or performed at an earlier step prior to the transaction.

Preferably, the custom-written application generates a secret (symmetric) key, calls the MAC coding unit operating in conjunction with Computerized Device(s) 306 and inputs the secret key, the transaction-specific data that preferably includes the trusted date and time, and any user-specific data. The input parameters are entered to the MAC coding unit, which then computes a MAC or code number as a function of the secret key, the transaction-specific data, and the user-specific data. Preferably, the coding unit derives a code number according to a cryptographic hashing function of the symmetric key and various input parameters (e.g. cargo container weight, cargo container density, etc.)

Computerized Device(s) 306 embeds the code number in the available places in the TIN reserved for the code number. Computerized Device(s) 306 computes a checksum from the pre-known prefix, the user identification number, and the code number and appends the check sum. The process creates a TIN with an embedded code number or MAC that is specific to the deliverable item being mailed or shipped and information relative to the mailing or shipment including the identity of the user.

According to a preferred embodiment the TIN is stored in the volatile memory associated with Computerized Device(s) 306 where it is sent to the printer and printed on the stamp or label preferably in the form of a barcode. In addition, the secret key used in forniing the TIN is transferred for the purpose of providing the content provider or agent with the means of verifying the user digital signature.

According to one embodiment the process can include the step of retrieving the user private key from key store. The private key is used to encrypt the secret key used in forniing the digital signature. The encrypted key along with the input parameters including the DOI(s) and URL(s) and other data relevant to the digital content, the digital signature and the user digital certificate are "pushed" to the content provider or agent. The content provider or agent authenticates the user's public key via the contents of the associated digital certificate and other information available at the time of the transaction. An alternate embodiment provides for no user digital certificate and rather for available information to be used in locating a public key stored in conjunction with a user account. In either of these embodiments, the user public key is used to decrypt the encrypted symmetric key that is then used to verify the digital signature. A third possible embodiment is for the secret key to be pushed to the content provider unencrypted.

According to one embodiment of the present invention, if verification is unsuccessful, the appropriate message is returned to the user and the transaction is terminated. If verification is successful, the TIN, the secret key and any information relevant to the transaction are retained in the volatile memory associated with Host Computer(s) 311 in anticipation of the transfer phase of the present invention.

Pre-Authorization Phase

As part of a process for using a TIN in conjunction with the mailing of a deliverable item, the TIN preferably undergoes pre-authorization wherein it is authenticated as a means of distinguishing compliant letters and packages entering into the postal system or network. Authentication involves the process in which the scanning of incorning letters and packages confirms the presence of a properly formatted TIN in secure electronic realizable form (e.g. 2- Dimensional dog matrix, encrypted bar code, computer code, etc.).

Successful authentication preferably results in a signal being sent triggering a process in which the letter, package or electronic message is considered compliant or "trusted" and the TIN is interpreted and recorded to a database in conjunction with its associated address appearing on the letter or package. Failed authentication results in the letter, package or electronic message being considered non-compliant or "not trusted."

According to one embodiment, pre-authorization involves the authentication of TINs using the secret key stored in conjunction with a customer account. The process is preferably integrated as part of the automated process currently employed by modern postal systems for confirming mailing addresses. According to one embodiment, this process includes the steps by which an electronic image is made of the information appearing in conjunction with the mailing and return addresses and the TIN is scanned and machine read; the electronic image of the mailing address is scanned and the TIN identified using the Four-Digit User Identification Number in combination with the Seven Digit BIN; the mailing address is interpreted using a sophisticated handwriting recognition program and the secret ; the mailing address is compared against a record of known mailing addresses previously entered into a database; a successful match involving a known mailing address results in certain information about the identity of the address being incorporated into a unique identifier; the unique identifier being transformed into a barcode and subsequently sprayed on the piece of incoming mail as a means of identifying it in a way useful for sorting and final distribution. An unsuccessful match of the mailing address of an incoming piece of mail during this initial attempt at confirmation results in the electronic image containing the mailing address being transmitted to a central location to be viewed, deciphered and encoded by postal workers. Successful confirrnation at this point results in the encoded information being incorporated into a unique barcode and sprayed on the piece of incoming mail. Unsuccessful confirmation results in the incoming piece of mail being flagged by the barcode scanning equipment and diverted to a reject bin for manual processing.

According to one embodiment, the process of pre-authorization and authentication of TINs to a database is preferably integrated as part of the automated process currently employed by modern postal systems for confirming mailing addresses. This process includes the steps by which an electronic image is made of the mailing address appearing on a piece of incoming mail; the electronic image of the mailing address is scanned; the mailing address is interpreted using a sophisticated handwriting recognition program; the mailing address is compared against a record of known mailing addresses previously entered into a database; a successful match involving a known mailing address results in certain information about the identity of the address being incorporated into a unique identifier; the unique identifier being transformed into a barcode and subsequently sprayed on the piece of incoming mail as a means of identifying it in a way useful for sorting and final distribution. An unsuccessful match of the mailing address of an incoming piece of mail during this initial attempt at confirmation results in the electronic image containing the mailing address being transmitted to a central location to be viewed, deciphered and encoded by postal workers. Successful confirmation at this point results in the encoded information being incorporated into a unique barcode and sprayed on the piece of incoming mail. Unsuccessful confirmation results in the incoming piece of mail being flagged by the barcode scanning equipment and diverted to a reject bin for manual processing.

Integration of the process of authenticating and recording confirmed TINs to a database as part of the above process for confirming mailing addresses preferably includes the steps by which a TIN of an incoming piece of mail is stored to the random-access memory (RAM) of a computerized device operating in conjunction with scanning equipment and a software application useful in reading, interpreting and recording a TIN; the successful match of a mailing address of an incoming piece of mail results in the mailing address being transmitted to the computerized device; the mailing address of an inconiing piece of mail is stored to RAM in combination with the corresponding TIN; the combination of mailing address and TIN from an incoming piece of mail is recorded to a database and stored for a prescribed extended period of time. In the event that an unsuccessful match of the mailing address of an incoming piece of mail results in a mailing address not being transmitted to the computerized device, the TIN preferably remains stored in RAM until such time that a mailing address is deemed not to be forthcoming. At this point, the TIN is preferably recorded to a database where it will remain stored for a prescribed extended period of time.

Authenticating TINs at this point of the sorting process within a postal system preferably provides the opportunity for a piece of incoming mail with TIN-enabled postage to be specially identified. Doing so could help improve overall security and efficiency of a postal system by allowing compliant mail to be expedited for delivery, while non-compliant mail could be rerouted to specific areas where it could undergo greater scrutiny and additional security measures should they be warranted. The process of specially identifying mcoming mail with TIN-enabled postage includes the steps by which the receipt of a transmission of a mailing address of an incoming piece of mail by the computerized device results in a signal being sent from the computerized device to a second computerized device operating in conjunction with the process involved with the confirmation of mailing addresses; the receipt of the signal by the second computerized device results in certain prescribed information being incorporated into a unique identifier; the unique identifier being transformed into a barcode or computer code and subsequently sprayed on or attached to the piece of incoming mail as a means of identifying it in a way useful for sorting and final distribution.

As part of a process for investigating use of a TIN in mailing a letter or package, the invention provides for the TIN to be scanned and the components of the TIN identified. Should for any reason the TIN not be available or discemable, a search would be done of the database to which combinations of the mailing addresses of incoming pieces of mail and corresponding TINs are recorded. The search would involve looking up the address where the suspicious letter, package or electronic message was mailed and identifying any recorded TINs that may have been connected to the mailing. Having identified a TIN they believe to be connected to the mailing, investigators would then be able to search for the buyer of record. Using the random and/ or variable identifier of the TIN, they would be able to search a central database to which TINs of issued postage were recorded as part of the printing process. This would lead to the date the postage was printed and the area or possibly the specific post office branch or postal service agent location where the postage was shipped. What exactly could be determined would depend on the specific information used in formulating TINs per the governing policies instituted by the postal service including any personal information required at the time of or prior to purchase.

Using the acquired information as parameters, investigators would be able to conduct an effective search of various postal branch, postal service agent, or Internet service provider databases for the item or merchandise number reflecting the random and/ or variable identifier of the TIN. Finding that, they would be able to use the personal identification stored in conjunction with the item or merchandise number to identify the buyer of record in an effort to ultimately identify and locate the sender of the suspect letter or package.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates the various components of a Traceable Identification Number (TIN). FIG. 2 illustrates one embodiment of a pre-printed postage stamp with an encoded TIN in the form of a 2-Dimensional matrix code.

FIG. 3 illustrates the various components of an identification number used as a merchandise or item number to identify a package of TIN-enabled pre-printed postage stamps.

FIG. 4 illustrates one embodiment of an electronic realizable package identification number in the form of a barcode.

FIG. 5 illustrates components of a system in accord with one embodiment of the invention for creating and processing TIN-enabled postage.

FIG. 6 illustrates an embodiment of a Postage Meter Strip with TIN.

FIG. 7 illustrates an embodiment of a Postage Meter Stamp with TIN.

FIG. 8 illustrates an embodiment of a TIN in the form of a proxy account number (e.g. credit or debit card number) capable of functioning as an accountholder (e.g. cardholder) digital signature and being processed for the purpose of facilitating and electronic payment transaction in which the authenticating party is the card issuer and/or card issuer agent (e.g. postal service). FIG. 9 illustrates one embodiment of a 2-Part Fluorescent shipping label enabled with TIN(s) for both sender and receiver.

FIG. 10 illustrates one embodiment of steps involved with the sending of a letter or package facilitated by use of a TIN-enabled 2-Part Fluorescent shipping label enabled with TIN(s) for both sender and receiver.

FIG. 11 illustrates one embodiment of steps involved with the return of a letter or package facilitated by use of a TIN-enabled 2-Part Fluorescent shipping label enabled with TIN(s) for both sender and receiver.

DETAILED DESCRIPTION OF THE INVENTION INCLUDING THE PREFERRED EMBODIMENTS

FIG. 1 illustrates the various components of one embodiment of a Traceable Identification Number (TIN) used in creating TIN-enabled postage. From left to right the components comprise a Distributor Code 100; a Distribution Code 101; a Random and/ or Variable Identifier 102; an Embedded Code 103; a Checksum 104; and a Date and/or Time Stamp 105.

The invention is not limited by the illustration shown in FIG. 1. Other useful embodiments are possible using various combinations of the illustrated components depending . on the governing policies of the postal service. The invention is also not limited by the number of fields shown for any one component (e.g. Distributor Code 100 could inhabit one or more fields) or by the order in which the components are shown (e.g. Checksum 104 could follow Date and/or Time Stamp 105). In addition, the values for each of the components are also not necessarily limited to the use of numbers but might also comprise alphanumeric characters and/ or characters from an extended character set.

According to a preferred embodiment, Distributor Code 100 preferably provides a means of signaling the presence of a TIN during the scanning process executed within the postal system. In addition, Distributor Code 100 might also signal specific information as to the type of TIN or specific distribution channel or network through which the TIN was issued similar to credit and debit cards where for example a distributor code of "6" signals Discover Card and "4" signals Visa.

Distribution Code 101 preferably provides a means of limiting the TIN by signaling information about the particular market segment or specific channel through which the TIN-enabled stamp is distributed for sale. Distribution Code 101 could reflect values representative of various possible elements of distribution including but not limited to particular states or geographic areas, particular mail distribution areas or regions, particular post office branches or postal service agent locations, particular zip codes or carrier routes, particular industry codes, particular Internet service providers, domain addresses, etc. One embodment would be for Distribution Code 101 to incorporate the merchant ID number assigned to a post office branch or service agent by a bank or credit card processor.

Similar to Distributor Code 100, Distribution Code 101 might also prove useful in limiting TINs according to the specific distribution channel or distributor through which the TIN-enabled postage was issued. This would prove particularly useful in situations where TIN-enabled stamps might be generated and printed by more than one department or location within a postal service and/ or one or more outside contractor. Use of Distribution Code 101 in this manner would allow these various entities to function independently without concern of having to coordinate production so as to avoid duplicate TINs.

Random and/ or Variable Identifier 102 preferably provides an efficient means for meeting the vast demand for TINs that would be created by the implementation of a TIN-enabled postage program. The value string employed for use as Random and/or Variable Identifier 102 can be assigned by various means including random selection from a pool of available values or sequential assignment using increasing incremental values (e.g. 1,2,3, etc.).

The incorporation of Checksum 104 preferably provides an efficient and reliable means of verifying the integrity of TINs. Checksum 104 would operate by allowing an algorithmic function to be performed on a given TIN in which the result would then be compared to the checksum value appearing in the TIN. A match would provide a high degree of certainty that the TIN was authentic and had not been tampered with, especially if the algorithmic function was known to only select trusted parties. The incorporation of Checksum 104 is particularly useful in one embodiment involving use of a proxy account number (e.g. credit or debit card number) as a TIN capable of functioning as an accountholder (e.g. cardholder) transaction number for facilitating payment for postage on demand.

The Date and/ or Time Stamp 105 preferably provides a means of identifying the date and/or time that a TIN was issued. This limitation would prove useful by allowing investigators to limit the parameters of their search to only those stamp purchases taking place on or after that date. Identifying time would also prove useful in pinpointing the time of sale of a TIN issued through a postage label machine in which the machine may be under surveillance using a security camera for the purposes of identifying various buyers of record. In this instance, incorporation of time stamp in accordance with Date and/ or Time Stamp 105 would prove especially useful if seconds or even milliseconds are used in addition to minutes and hours.

FIG. 2 shows a preferred embodiment of a pre-printed postage stamp with the innovation of an Encoded TIN 200. The term "pre-printed" is to distinguish postage stamps that are able to be generated and distributed for sale to the public in advance of cancellation. Here, the illustration is of a TIN encoded with 2-Dimensional matrix code, a readily available technology. Other forms of encoding (e.g. encrypted bar codes) could be used, however 2-D matrix code is preferred due to its ability to communicate vast amounts of data in very small areas. 2-D Matrix Code also provides the means to present data in a redundant format allowing a high probability of a Stamp TIN being accurately scanned and identified in the event that a portion of a particular TIN enabled stamp is damaged or lost, as is often the case with the use of pre-printed stamps.

FIG. 3 shows a preferred embodiment of a Packaged Smart Stamps Identification Number with a Range Identifier 300 useful for identifying individual Smart Stamps contained within a specific package (e.g. book of stamps). The Range Identifier 300 provides an efficient means for the Packaged Smarts Stamps Identification Number to function as an item or merchandise number capable of identifying the individual Smart Stamps sold during purchase transactions. Here, the example is of a package of 20 stamps with Random and/ or Variable Identifiers ranging in sequence from "99980" to "99999."

FIG. 4 shows a preferred embodiment of Packaged Smart Stamps with Encoded Identification String 400 capable of being electronically scanned and the discemable encoded number stored as an item or merchandise number. Here, the example is of a regular bar code however other forms such as 2-D Matrix Code present suitable or superior alternatives although likely requiring some reprogramming of equipment at the point of sale.

FIG. 5 is an overview of one embodiment of a system in accord with the various embodiments for creating and processing TIN-enabled stamps. More specifically, the system comprises those components and processes necessary for facilitating the distribution and sale of TIN-enabled stamps to the public, the recording of information to a database involved with TIN-enabled stamp purchase transactions in a way that allows these transactions to be referenced at a later time as a matter of connecting a TIN-enabled stamp to a purchase transaction and the buyer of record, the scanning, authentication and recording of individual Smart Stamps in conjunction with mailing addresses as part of the sorting process for letters and packages coming into the postal system, and the searching of and access to stored information.

The system includes Postal Service and/ or Agent Host Computer (s) 500 having a microprocessor and memory useful for generating, assigning and issuing identifying numerical and/or alphanumerical strings in conjunction with trusted date and/or time stamps for use as TINs in conjunction with preprinted postage stamps, postage meter strips generated and printed at post office branches as well as metered stamps or similar electronic stamps printed in response to individual demand requests initiated at remote locations (e.g. businesses or homes). Postal Service and/ or Agent Host Computer(s) 500 connects by way of internal transmission lines to Printer 501; connects by way of Server 502 and wired and/ or wireless Telecommunications Network 503 and Internet 504 to Computerized Device 505 and Local Host 508; and connects by way of Postal Network 514 to Local Host 508.

Computerized Device 505 connects to Printer 507. Computerized Device 505 also connects to Smart Card 506, which can be used in conjunction with Point of Sale Terminal 509. In addition, Local Host 508 connects to Point of Sale Terminal 509, which is connected to Printer 510 either via local area network as shown or by direct connection.

According to a preferred embodiment, orders for pre-printed postatge stamps are placed with the postal service and/ or postal service agent(s). Using Postal Service or Agent Host Computer (s) 500, a central process involving a number generator is enacted to produce a series of TINs sufficient for the order comprising a Lead-in Code 100 reflecting an identifier associated with the postal service department or postal service agent, a Distribution Code 101 reflecting the zip code and post office branch number or limiting merchant identification number, a Random and/ or Variable Identifier 102 issued in sequence, a time stamp reflecting the date and time of printing, a Checksum 7. The number of digits for each portion of the TIN vary depending upon the governing policies of the postal service.

An alternative embodiment would be to incorporate Embedded Code 103 in addition to or as a substitute for Checksum 104. This would require that a cryptographic hashing function be used in creating Embedded Code 103 from various input parameters known to both the postal service department(s) and postal service agent(s).

According to the preferred embodiment, the generated TINs are stored locally in conjunction with the order number for accounting purposes. The generated TINs are then transferred via internal transmission lines to Printer 501 which has been equipped with a sufficient number of postage stamps to accommodate the order. A process operating in conjunction with Printer 501 transforms the received TINs into a 2-Dimensional Matrix Code 200 prior to the TINs being printed onto the postage stamps.

The printed Smart Stamps coming off production are packaged according to the various requirements of the order. Caution is taken to ensure the Smart Stamps are packaged in sequence so as to meet the requirements called for by the packaged smart stamps identification numbering system involving the use of Range Identifier 300. This might include the use of a scanner to keep record of individual Smart Stamps as they are packaged. After packaging is complete, issuance commences as the Smart Stamp order is delivered to the post office branch or postal service agent location for eventual sale to the public.

Per the preferred embodiment, the purchase phase involves a user being limited to buying packaged Smart Stamps at a post office branch or a postal service agent location. This is to facilitate use of Encoded Identification Number 400 so as to avoid the need for any software changes that likely would pose as an inconvenience to many postal service agents. The purchase process could involve person-to-person interaction with sales personnel or the purchase of Smart Stamps through various vending machines such as an ATM (Automated Teller Machine). Each of these scenarios are represented by Point of Sale Terminal 509.

During the purchase phase, the buyer presents a means of payment (e.g. cash, check, credit, debit, ATM, smart card, etc.) Depending on the means used for payment, the buyer may also be required to submit various types of additional personal information. For instance, in the preferred method purchases of Smart Stamps would be limited to the use of debit and ATM cards. This would take advantage of the widespread distribution and use of debit and ATM cards among the general public. This would also facilitate the requirement that a buyer also enter their personal identification number (PIN) for verification as a means of enhancing the security of Smart Stamp purchases.

Whether exercised through person-to-person contact or a vending machine, record would be made of Encoded Identification Number 400. This would be accomplished by either an internal accounting process in the case of a vending machine, or by manual scanning by a sales clerk. Each of these processes would allow the actual TIN to be revealed and recorded similar to convention item or merchandise numbers. The TIN would then be combined and stored with record of the card account number used in the purchase as well as any other personal information that might be already available to the seller or acquired during the transaction through the presentment of additional personal identification by the buyer (e.g. drivers license, passport, etc.).

FIG. 4 shows a mail processing apparatus according to an embodiment of the invention. While this embodiment could be used as a destination mail processing machine, it is preferably implemented as an originating mail processing apparatus for use in a postal system. This embodiment allows the detection and extraction of non-compliant mail pieces. This apparatus is designed to process mail pieces which have destination information such as an address, and to which TIN-enabled postage stamps and postage labels have been affixed. The apparatus has an input queue 60 into which mail pieces for processing are deposited. The input queue 60 feeds the mail pieces onto a mail piece conveyor 62 which is typically a series of belts designed to transport mail pieces through the mail processing apparatus to a multi-bin stacker generally indicated by 64. The multi-bin stacker 64 has a plurality of bins 64A, 64B, 64C, 64D, 64E, 64F, 64G, 64H, 641, 64J, 64K, 64L into which mail pieces can be directed by deviators 65 (12 shown). Along the length of the mail piece conveyor 62 (which need not be a straight line) various devices are placed to perform actions upon the mail pieces as they pass by. A camera 66 is provided for taking and digitizing an image of the front surface of the mail piece, the assumption being that the mail pieces have been previously faced such that the destination information and stamps are on the front surface. There is a weighing module 68 for measuring the weight of the mail pieces. There is a processing and control block generally indicated by 70 which is intended to represent most of the processing and control functionality of the mail processing machine. This may be implemented in one or a series of computer platforms with one or multiple processors. The processing and control block is connected to receive the digitized images taken by the camera 66 and the weights measured by the weighing module 68. It is also connected to control the deviators 65 forming part of the multi-bin stacker 64 so as to be able to precisely control into which bin a given mail piece is to be diverted. While the camera 66 preferably takes an image of the entire front surface of the mail piece, it (or a combination of cameras) must at least take one or more images which collectively include the destination information and the stamps.

The processing and control block 70 includes optical character recognition software for analyzing digitized images received from the camera 66, and more particularly for processing the unique identifier bar code on each stamp on the mail piece, and for determining the destination information. The processor and control block 70 also includes functionality which allows a determination of a required postage for various destinations for a given weight of a mail piece.

The steps performed by the mail processing apparatus of FIG. 4 will now be described with reference to the flowchart of FIG. 5. To begin, the camera 66 takes an image of the front surface of the mail piece, digitizes this and passes it to the processing and control block 70. The processing and control block 70 performs character and word recognition to identify the destination information and to find and decode the unique identifier bar code on each stamp and recover the data elements represented by the unique identifier bar code. There may be several stamps. Next, the processing and control block 70 accumulates a sum of the postage values of the postage stamps on the mail piece. The processing and control block 70 then determines a required postage based on the destination information and the weight.

Next, a comparison of the required postage with the total cumulative stamp value is made. If there is a postage shortfall, this fact is identified in real time, and the processing and control block 70 controls the stacker deviators 65 such that the mail piece is diverted to a bin which has been allocated to receive short paid mail, for example bin 64A which is labelled "short paid". If there is sufficient postage, then normal processing of the mail piece is completed, and the mail piece is diverted to a bin for transport, for example one of bins 64G, 64H, 641, 64J, 64K, 64L.

As part of the transaction phase, Smart Stamps are detected and the associated TINs verified for authenticity as a means of accurately identifying compliant letters and packages entering into Postal Network 511. The preferred embodiment provides for the authentication process to involve Checksum 104 and be integrated as part of the automated process currently used by modern postal systems for canceling stamps and scanning electronic images of envelopes as a matter of matching mailing addresses against a database of known addresses. Authentication involves scanning a TIN using a scanner capable of interpreting encoded TIN 200 (e.g. Moving Beam Laser Scanners, Charge Coupled Device (CCD) Scanners) and subjecting the interpreted value string to a cryptographic hashing function in which a newly created checksum can be compared to Checksum 104. A positive match triggers a process in which a record of the TIN is stored for combination with the verified mailing address. Should the mailing address not be successfully matched, the TIN would be resubmitted for authentication and recording at a later point when additional attempts would be made to verify the mailing address. In either case, failed authentication of the TIN would result in the letter or package continuing on within the Postal Network 511 and being treated as normal mail.

According to the preferred embodiment, any mail determined to be compliant at these points could be specially identified as part of the unique codes sprayed on individual pieces of mail to aid with sorting and distribution. This would help improve overall security and efficiency of a postal system by allowing compliant mail to be expedited for delivery, while non-compliant mail could be rerouted to specific areas to undergo greater scrutiny and additional security measures should they be warranted. After sorting and distribution within Postal Network 511 is complete, letters and packages marked by TIN- enabled stamps would be delivered no differently than normal mail. The post-transaction phase comprises those steps taken in the event a Smart Stamp is recovered from a letter or package suspected in a crime. The preferred embodiment provides for this to involve authorities to scan the TIN of a recovered Smart Stamp in order to identify the information contained within the various components. Should for whatever reason a TIN not be available or discemable, the alternative would be for authorities to access records stored in conjunction with Postal Network 511 to locate any pertinent TINs associated with the mailing address where the suspect letter or package was received.

Using the various components of the TIN, they would be able to determine such things as the date of issuance, the zip code in which the Smart Stamp was sold, or perhaps even the post office branch or business where it was sold. What exactly could be determined would depend on the specific information used in formulating Smart Stamps per the governing policies instituted by the postal service.

Armed with this information, authorities would then be able to conduct a search of records associated with Point of Sale Terminal 509 in first identifying the transaction referenced by the Random and/ or Variable Identifier 102 contained in the TIN. By locating the transaction in which the Smart Stamp was sold authorities would be able to identify the buyer of record either through personal identification information recorded as part of the purchase transaction and/or the debit or ATM card number used for the transaction. ALTERNATIVE EMBODIMENTS

As a matter of definition, a postage label is a label produced by imprinting a denomination (chosen by the buyer) on special paper. It is used to frank mail just like pre-printed postage stamps and may be used at any time by the buyer. This means that unlike meter strips and meter stamps they are not cancelled at the point of issuance. Different terms are used for postage labels. A widely used term is the German "Automatmarken" (ATM). Vending machines used for issuing postage labels are also commonly referred to as ATM machines with two of the most common being the Swiss Franca and the German Klϋ ssendorf. This is distinguished from automated teller machines (ATM) although for the purpose of the present invention it is possible that the two functions of printing postage labels and dispensing cash can be integrated into a single machine.

In the case of postage labels printed in response to individual demand requests either from vending machines or over network connections such as the Internet, the TIN is preferably generated, recorded, then applied to individual labels in a secure electronic realizable form (e.g. encrypted bar code or 2-Dimensional matrix code) similar to pre-printed postage stamps. However, here real-time generation also can afford the opportunity for the TIN to incorporate distribution identifier information and/ or buyer specific information. One embodiment for printing labels from a vending machine provides for a TIN to include a distribution identifier portion (e.g. vending machine identification number, 9-digit zip code) and a date and/ or time stamp portion in addition to the random and/ or variable portion.

Another embodiment for printing labels over network connections such as the Internet provides for a TIN to

FIG. 6 illustrates the alternative embodiment of a Postage Meter Strip with TIN involving the addition of a Random and/ or Variable Identifier 102 in creation of a useable Smart Stamp 600.

FIG. 7 illustrates the alternative embodiment of a Postage Meter Stamp with TIN involving the addition of a Random and/ or Variable Identifier 102 in creation of a useable Smart Stamp 700.

FIG. 8 illustrates the alternative embodiment of an Electronic Postage Stamp with TIN comprising a proxy account number (e.g. credit or debit card number) functioning as an accountholder (e.g. cardholder) digital signature 801. Also shown is the preferred method of expressing the encoded formed from the proxy account number as a 2-D Matrix Code 800.

ALTERNATIVE EMBODIMENTS Airline Baggage Handling Systems

In accord with one embodiment of the present invention, to obtain TIN- enabled stamps and labels a buyer would be required to present some form of verifiable personal identification (e.g. credit, debit or ATM card, drivers license, passport, social security card, bio-metric infoi nation, user ID, password, etc.) at the point of sale. An attempt would be made to verify the presented personal identification prior to completion of the purchase transaction. If verification is unsuccessful, the purchase transaction is discontinued. If verification is successful, the requirement for presentment of personal identification enables a record to be entered into a database reflecting a combination of the personal identification and certain information about the identity of the buyer together with the range of TINs reflected in the item or merchandise number of a package of pre-printed stamps or the TIN of an individually purchased postage. Security would be enhanced by requiring the verifiable personal identification used in conjunction with these transactions to be capable of being submitted for online authorization. Additional security measures might require the use of PINs (personal identification numbers) or bio-metric information (e.g. thumbprints or voice authentication) verifiable through network connections.

In the case of PINs, in the course of completing a purchase transaction a buyer would be required to enter a previously recorded alphanumeric string by having it inputted into a keypad at the point of sale. This PIN would be temporarily stored in conjunction with the presented verifiable personal identification and submitted across a network connection to a central database where the entered PIN would be compared against the previously recorded PIN. If different, a failure message is returned and the purchase transaction is discontinued. If the same, an authorization code is sent back for recording at the point of sale and the transaction continued.

In the case of bio-metric information, in the course of completing a purchase transaction a buyer would be required to subject to a biological scan of some sort (e.g. thumbprint, voice) in which a sample would be entered into a receiving device (e.g. thumbprint reader, telephone) and transformed into an image in coded form. The information contained in the image is temporarily stored in conjunction with the presented verifiable personal identification and submitted across a network connection to a central database where the entered image information would be compared against the previously recorded sample of the same type of biological scan. If different, a failure message is returned and the purchase transaction is discontinued. If the same, an authorization code is sent back for recording at the point of sale and the transaction continued.

The incorporation of Embedded Code 103 preferably provides a means of enhanced authentication using a message authentication code (MAC). Embedded Code 103 preferably results from a cryptographic hashing function involving various input parameters including but not limited to information specific to a stamp buyer. The incorporation of Embedded Code 103 is particularly useful in one embodiment involving the use of a proxy account number (e.g. credit or debit card number) as a TIN capable of functioning as an accountholder (e.g. cardholder) digital signature in which the authenticating party is the card issuer or card issuer agent (e.g. postal service.)

The hardware components needed for implementing this invention are currently in existence. However, it is expected that some custom written applications can be desired to assure smooth flow within the system. Such software can be readily written be a skilled programmer.

Although the invention has been described in detail, it is to be understood that variations therein and modifications thereto may be made by those skilled in the art without departing from the spirit and scope of the invention as set forth in the following claims. For example, the functions of the host computer can be provided by various microprocessors, servers, and memory storage devices working together in a system. The invention is also not limited by the terminology used to describe the invention or various embodiments herein.

Also incorporated by reference are U.S. Patent 6,000,832 entitled "Electronic online commerce card with customer generated transaction proxy number for online transactions" filed September 24, 1997 and U.S. Patent 6,398, 106 entitled "Unique Identifier Bar Code on Stamps and Apparatus and Method for Monitoring Stamp Usage with Identifier Bars" filed November 6, 2000.

Incorporation by Reference All patents, published patent applications and other references disclosed herein are hereby expressly incorporated by reference in their entireties by reference.

###

Claims

CLAIMSWhat I Claim Is:

1. A method for facilitating online commerce, comprising the steps of: issuing an electronic commerce card to a customer during a registration phase, the commerce card having a customer account number and a customer- related secret associated therewith; generating at the customer, during an online commerce transaction phase, a proxy number suitable for the online commerce transaction; and wherein the proxy number being generated resembles the customer account number; and in which embedded therein is a code number derived at least in part on the customer-related secret and an associated date and time stamp.