MXPA99001576A - Virtual postage meter with secure digital signature device - Google Patents

Virtual postage meter with secure digital signature device

Info

Publication number
MXPA99001576A
Authority
MX
Mexico
Application number
MXPA/A/1999/001576A
Other languages
Spanish (es)
Inventor
A Cordery Robert
Mdiippolito Frank
M Heinden Gary
K Lee David
Original Assignee
A Cordery Robert
Pintsov Leon A
Pitney Bowes Inc
Abstract

A system (10) and method of evidencing postage payment includes a data center (30) with a database (36) having a plurality of meter records (64) stored therein. Each meter record (64) includes meter information corresponding to a metering account assigned to each of a plurality of remote user devices (20, 22) that are authorized to request evidence of postage payment. When a request for postage (100) is received at the data center (30), a secure co-processor device (44) in the data center (30) obtains the appropriate meter record (64) and verifies the authenticity of the meter record (64) by verifying a signature (205, 210) in the meter record (64) and comparing freshness data (220, 225) in the meter record (64) to freshness data in the secure device (44). If verified, the secure device (44) then accounts for an amount of postage to be evidenced (130), generates evidence of postage payment (130) and updates the meter information, including the freshness data (130), in the meter record (64). The secure device (44) then signs the updated meter information and stores the signature in the meter record (64, 135, 140). The secure device (44) then returns the updated meter record (64) to the database (36, 135, 140).

Description

VIRTUAL POSTAGE METER WITH SECURE DIGITAL SIGNATURE DEVICE

DESCRIPTION OF THE INVENTION

This application is a continuation-in-part of U.S. Provisional Patent Application Serial No. 60/049518, filed June 13, 1997 and assigned to the assignee of this invention.

The present invention relates generally to a postage metering system and method for evidencing postage payment in an open system and, more particularly, to a postage metering system and method for evidencing postage payment in a virtual metering configuration.

The present application is related to the following U.S. patent applications (Attorney Case Numbers E-733, E-734, E-735, E-736 and E-738), all filed concurrently herewith and assigned to the assignee of the present invention, all of which are incorporated herein by reference in their entirety.

Postage metering systems have been developed which employ encrypted information that is printed on a mailpiece as part of an indicium evidencing postage payment. The encrypted information includes a postage value for the mailpiece combined with other postal data relating to the mailpiece and to the postage meter printing the indicium. The encrypted information, typically referred to as a digital token or a digital signature, authenticates and protects the integrity of the information, including the postage value, printed on the mailpiece for later verification of postage payment. Since the digital token incorporates encrypted information relating to the evidencing of postage payment, alteration of the printed information in an indicium is detectable by standard verification procedures. Examples of systems that generate and print such indicia are described in U.S. Patent Nos. 4,725,718, 4,757,537, 4,775,246 and 4,873,645, each assigned to the assignee of the present invention.

Currently, there are two postage metering device configurations: the closed system and the open system. In a closed system, the system functionality is dedicated solely to metering activity. Examples of closed system metering devices, also referred to as postage evidencing devices, include conventional digital and analog (mechanical and electronic) postage meters, in which a dedicated printer is securely coupled to a metering or accounting function. In a closed system, since the printer is securely coupled to and dedicated to the meter, printing of postage evidence cannot take place without accounting for the postage evidence. In an open system, the printer is not dedicated to the metering activity, which frees the system functionality for multiple and diverse uses in addition to metering. Examples of open system metering devices include personal computer (PC) based devices with single or multi-tasking operating systems, multi-user applications and digital printers. An open system metering device is a postage evidencing device with a non-dedicated printer that is not securely coupled to a secure accounting module. An open system indicium printed by the non-dedicated printer is secured by including addressee information in the encrypted evidence of postage printed on the mailpiece for subsequent verification. See U.S. Patent Nos. 4,725,718 and 4,831,555, each assigned to the assignee of the present invention.

The United States Postal Service ("USPS") has proposed an Information Based Indicia Program ("IBIP"), a system intended to update and augment existing postage meters using a new form of evidence of postage payment known as information based indicia. The program relies on digital signature techniques to produce, for each envelope, an indicium whose origin can be authenticated and whose content cannot be modified. IBIP is expected to support new methods of applying postage in addition to the current approach, which typically relies on a postage meter to print indicia on mailpieces.

IBIP requires printing a large, high-density, two-dimensional ("2-D") bar code on a mailpiece. The 2-D bar code encodes information and is signed with a digital signature. The USPS has published draft specifications for IBIP. The INFORMATION BASED INDICIA PROGRAM (IBIP) INDICIUM SPECIFICATION, dated June 13, 1996, and revised July 23, 1997 ("IBIP Indicium Specification"), defines the proposed requirements for a new indicium that will be applied to mail being processed using IBIP. The INFORMATION BASED INDICIA PROGRAM POSTAL SECURITY DEVICE SPECIFICATION, dated June 13, 1996, and revised July 23, 1997 ("IBIP PSD Specification"), defines the proposed requirements for a postal security device ("PSD"), which is a secure processor-based accounting device that dispenses and accounts for the postal value stored in it, to support the creation of a new "information based" postage postmark or indicium that will be applied to mail being processed using IBIP. The INFORMATION BASED INDICIA PROGRAM HOST SYSTEM SPECIFICATION, dated October 9, 1996, defines the proposed requirements for a host system element of IBIP ("IBIP Host Specification"). IBIP includes user, postal and vendor interface infrastructures, which are the system elements of the program. The INFORMATION BASED INDICIA PROGRAM KEY MANAGEMENT PLAN SPECIFICATION, dated April 25, 1997, defines the generation, distribution, use and replacement of the cryptographic keys used by the USPS product/service provider and the PSD ("IBIP KMS Specification"). The specifications are collectively referred to herein as the "IBIP Specifications".

The IBIP Specifications define a stand-alone open metering system, referred to herein as a PC meter, comprising a PSD coupled to a personal computer ("PC") that operates as a host system with a printer coupled to it ("Host PC"). The Host PC runs the metering application program and associated libraries (collectively referred to herein as "Host Applications") and communicates with one or more attached PSDs. The PC meter can only access PSDs coupled to the Host PC. There is no remote PSD access for the PC meter.
The PC meter processes transactions for dispensing postage, registration and refill on the Host PC. The processing is executed locally between the Host PC and the PSD coupled to it. Connections to a Data Center, for example for registration and refill transactions, are made locally from the Host PC through a local modem or a network/internet connection. Debit and credit accounting for the PSD is also executed locally, with the transactions entered on the Host PC. The Host PC can accommodate more than one PSD, for example by supporting one PSD per serial port. Several application programs running on the Host PC, such as a word processor or an envelope designer, can access the Host Applications. The IBIP Specifications do not address an open IBIP metering system in a network environment. However, the specifications do not prohibit such a network-based system. Generally, in a network environment, a network server controls remote printing requested by a Client PC on the network. Of course, the Client PC controls any local printing.

A version of a network metering system, referred to herein as a "virtual meter", has many Host PCs without a PSD coupled to any of them. The Host PCs run the Host Applications, but all PSD functions are executed in a Server located at a Data Center. The PSD functions at the Data Center can be executed in a secure device attached to a computer at the Data Center, or they can be executed in the Data Center computer itself. The Host PCs must connect to the Data Center to process transactions such as postage dispensing, meter registration or meter refills. Transactions are requested by the Host PC and sent to the Data Center for remote processing. The transactions are processed centrally at the Data Center and the results are returned to the Host PC. Accounting for funds and transaction processing are centralized at the Data Center. See, for example, U.S. Patent Nos. 5,454,038 and 4,873,645, which are assigned to the assignee of the present invention.

The virtual meter does not adhere to all current requirements of the IBIP Specifications. In particular, the IBIP Specifications do not allow the PSD functions to be performed at the Data Center. However, it is understood that a virtual metering configuration with each mailer's PSD at the Data Center could provide a level of security equivalent to that required by the IBIP Specifications.

In conventional closed system mechanical and electronic postage meters, a secure link between the printing and accounting functions is required. For postage meters configured with printing and accounting functions performed in a single secure box, the integrity of the secure box is monitored by periodic inspections of the meters. More recently, digital printing postage meters typically include a digital printer coupled to a metering (accounting) device, which is referred to herein as a postal security device (PSD). Digital printing postage meters have eliminated the need for physical inspection by cryptographically securing the link between the accounting and printing mechanisms. In essence, the new digital printing postage meters create a secure point-to-point communication link between the PSD and the printer. See, for example, U.S. Patent No. 4,802,218, issued to Christopher B. Wright et al. and now assigned to the assignee of the present invention. An example of a digital printing postage meter with secure printer communication is the Personal Post Office™, manufactured by Pitney Bowes Inc. of Stamford, Connecticut.

In U.S. Patent Nos. 4,873,645 and 5,454,038, a virtual meter system and method are described wherein postal accounting and digital token generation occur at a data center remote from the postage evidencing printer. Although the Data Center can be a secure facility, certain inherent security issues remain, since the accounting and token generation functions do not occur in a secure device local to the postage printer. The virtual postage meter system includes a computer coupled to an unsecured printer, and token generation occurs at the Data Center. The Data Center is a centralized facility under the control of a meter vendor, such as Pitney Bowes, or of the Postal Service. As such, it is considered secure compared with the environment in which mailers handle meters directly. However, the data stored at the Data Center are accessible to Data Center personnel and are therefore, at a minimum, subject to inadvertent modification by such personnel. Any unauthorized change to the user and meter data stored at the Data Center compromises the integrity of the virtual postage metering system.

It has been determined that a virtual postage metering system provides benefits that are not available with conventional postage payment systems. For posts, a virtual postage metering system provides central handling of all postage without the need to handle physical meters or PSDs. An additional benefit is the opportunity to associate a mailer directly with each mailpiece and with each refill. For mailers, refill mechanisms, i.e. the postage meter or PSD, are not needed. Nor do mailers need to maintain updated lists of valid addresses, such as purchased CD-ROMs. Mailers can purchase postage on an as-needed basis. Finally, meter vendors do not have to keep track of physical meters. A virtual postage metering system eliminates stolen or misplaced meter problems and simplifies meter management in general.

The present invention provides digital data security for the Data Center of a virtual postage metering system that prevents inadvertent and intentional modification of the meter and user data stored at the Data Center. In accordance with the present invention, secure keys are used to protect against unauthorized modification of the meter and user records stored at the Data Center. The present invention also provides secure control of the token generation process and of the associated secure accounting for each postage evidencing transaction occurring at the Data Center. The security provided by the virtual postage metering system includes signing the authentication, financial and postage transaction records and the meter records; the database holds encryption keys only in ciphertext, never in plaintext. For each transaction, all data used to complete the transaction, including a time stamp or sequence number, are digitally signed, and the signature is stored as part of the updated transaction record. It has been found that transaction records maintained in this way are protected against inadvertent changes.

Although a digital signature provides reasonable security, it is not foolproof. It has been found that a validly signed historical record could be used in place of the current record, which calls for a stronger verification scheme to detect such "spoofing". In accordance with the present invention, another level of security is added. It has been found that, once the signature is verified, the transaction data can be checked for freshness, eliminating any possibility of spoofing, whether inadvertent or intentional.

In accordance with the present invention, a system and method of evidencing postage payment provides a secure box that is used to sign transaction records and to authenticate meter and user records. The system and method include a data center with a database having a plurality of meter records stored therein. Each meter record includes meter information corresponding to a metering account assigned to each of a plurality of remote user devices that are authorized to request evidence of postage payment. When a request for postage is received at the data center, a secure co-processor device in the data center obtains the appropriate meter record and verifies the authenticity of the meter record by verifying a signature in the meter record and comparing freshness data in the meter record with freshness data held in the secure device. If verified, the secure device then accounts for the amount of postage to be evidenced, generates evidence of postage payment and updates the meter information, including the freshness data, in the meter record. The secure device then signs the updated meter information and stores the signature in the meter record. The secure device then returns the updated meter record to the database.
BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing and other objects and advantages of the present invention will become apparent upon consideration of the following detailed description, taken in conjunction with the accompanying drawings, in which like reference numerals refer to like parts throughout, and in which:

Figure 1 is a block diagram of a virtual postage metering system for dispensing postage, embodying the principles of the invention;
Figure 2 is a block diagram of the Data Center database server and secure box of the virtual postage metering system of Figure 1;
Figure 3 is a flowchart of the process for dispensing postage by the virtual postage metering system of Figure 1; and
Figure 4 is a flowchart of the process executed within the secure meter box of the virtual postage metering system of Figure 1.

In describing the present invention, reference is made to the drawings, wherein there is seen in Figure 1 a virtual postage metering system, generally designated 10. The virtual postage metering system 10 includes a plurality (only one is shown) of personal computer systems (PCs), generally designated 20, each having access to a printer 22 for printing evidence of postage on an envelope or label. The PC 20 is connected to a Transaction Processing Data Center 30, which performs the postage accounting and postage evidencing. The virtual postage metering system 10 allows each mailer to use a conventional PC to obtain evidence of postage payment remotely, on an as-needed basis. Unlike conventional postage metering systems, the virtual postage metering system 10 does not include any metering mechanism located at the mailer's facility. Nor are any postal funds stored at the mailer's facility. All metering and accounting of funds occur at the Data Center 30 using functional computer programs and a database record representing each mailer's "postage meter", referred to herein as a "metering account".

The accounting method for the virtual postage metering system 10 can be a conventional pre-payment or post-payment system. The preferred method is a pre-payment method in which each mailer is required to place a minimum amount of money in the mailer's virtual metering account. As the account funds fall below a specified level, a refill is charged against the mailer's account. An alternative accounting method suitable for a virtual postage metering system is a real-time payment method in which the amount of a transaction is charged to the mailer's credit card account when the transaction occurs. This method is referred to herein as "pay-as-you-go" postage payment, since the mailer does not pay for the postage of a mailpiece until the mailer is ready to print the mailpiece.

In the virtual postage metering system, a meter vendor, such as Pitney Bowes Inc., provides the mailer with client software that runs on the PC 20; for example, the client software may be downloaded from the vendor's Internet server. Alternatively, the client software can be an Internet browser based home page that provides the user's interaction with the Data Center 30. The meter vendor also manages the Data Center 30. The client software initiates communications with the Data Center 30, which executes the metering transactions to evidence postage for individual mailpieces or batches of mailpieces.

In the preferred embodiment, the client software establishes a connection to the Data Center and requests postage by providing the host information relating to the requested transactions, such as the amount of postage, the addressee information and (optionally) the origin of deposit for each mailpiece. The Data Center 30 receives the postal information, determines the originating postal code for the mailpiece, executes the accounting functions, generates encrypted evidence of postage payment, such as a digital token or digital signature, and sends the indicium information, including the digital token, to the PC 20. The PC 20 receives the indicium information and creates an indicium bit map, which can be displayed on the PC monitor (not shown) and printed on the mailpiece by the printer 22. The PC 20 then disconnects from the Data Center 30 or requests another transaction. The connection between the PC 20 and the Data Center 30 can be through a network service provider, such as the Internet, or by direct dialing using the PC modem.

The virtual postage metering system 10 eliminates the need to maintain and account for traditional metering devices at each mailer's facility, and gives mailers the flexibility to handle multiple origins of deposit. The virtual postage metering system 10 also provides value-added services that are not available with conventional metering devices, such as real-time address cleansing, direct marketing services and pay-as-you-go postage payment. The virtual postage metering system 10 provides user authentication via the Data Center 30 to identify mailers with valid accounts. Once a mailer has been authenticated for a request, for example by user name, password or other conventional methods, the Data Center 30 processes the request and returns the indicium information to the PC 20, where the indicium is created and printed on the mailpiece.

Referring again to Figure 1, the mailer initiates a postage evidencing transaction by running the client software on the PC 20, which contacts the Data Center 30. At the Data Center 30, a Communication Server 32 supports connectivity from various communication technologies and protocols. The Communication Server funnels all incoming traffic to the Function Server 34, which includes the application program that supports mailer sign-up, postage dispensing and postal reporting. All mailer and meter information is accessed from a Database Server 36, where the information is stored securely using secure cryptographic processes and protocols as described below. The Data Center 30 maintains the cryptographic keys for each meter account in the Database Server 36. The cryptographic keys are used for postage evidencing and verification, as well as for securing the records stored in the Database Server 36. A Key Management System 38 manages all cryptographic keys used in the virtual postage metering system 10. Cryptographic keys can be distributed to verifiers at remote locations. U.S. Patent Application Serial Number 08/553812, filed October 23, 1995 and assigned to the assignee of the present invention, discloses such a key management system.

A mailer can establish a meter account through an online sign-up process with the Data Center 30. During sign-up, the mailer enters, at the PC 20, account information such as the user number and payment method. Any registration fees may be charged at that time. The Data Center 30, preferably administered by a meter vendor such as Pitney Bowes Inc., handles all meter licenses and agreements between its mailers and the post.

In the present invention, the PSD does not exist, i.e. there is no metering device coupled to the PC from which postage payment is requested. The virtual postage metering system 10 replaces the accounting and metering functions of the PSD with the metering software on the PC 20 and the mailer accounting information maintained and updated at the Data Center 30. The virtual postage metering system 10 provides each mailer with a metering system that has the ability to originate transactions from multiple origins of deposit. See, for example, the previously noted patent application [Attorney Case E-735]. Several methods can be used to determine the origin of deposit for a requested transaction. For example, a method for determining the origin postal code using the caller ID of a telephone call is described in U.S. Patent Application Serial Number 08/775,818, filed December 31, 1996 and assigned to the assignee of the present invention, which is incorporated herein by reference in its entirety.

In accordance with the present invention, one or more cryptographic modules, referred to herein as "secure boxes", are located within the Data Center 30 and are used to execute the cryptographic processes. Each secure box is a tamper-evident and tamper-responsive device, including a processor and memory, that stores encryption keys and executes cryptographic operations using those keys within the secure boundary of the device. The Data Center 30 includes several types of secure boxes, which are described below. In the preferred embodiment, the Data Center 30 includes multiple boxes of each type for redundancy and performance. The Key Management System 38 includes a manufacturing box (not shown) that provides the high-level keys used to generate the random numbers that initialize each of the other secure boxes. Sharing a common cryptographic key, the secure boxes communicate securely within the Data Center 30.
The Key Management System 38 also includes a "steel" box (not shown) that shares a common key with a meter box 44 (described below) to encrypt / decrypt master special signal keys for franking test transactions for each meter account. The steel box combines a provider key and a postal key in a record in the encrypted text. For each meter account, the Data Center 30 creates a logical meter, ie a meter register, in the Database Server 36 generating a special signal key using the supplier and postal codes, initializing the meter records ( ascending and descending), new meter data (described below) and other postal information as part of the meter record, and then storing the meter record in the Database Server 36. The Data Center 30 also includes a check box. meter 44 that shares a secret key with the steel box to decrypt the special encrypted signal key in the meter register. The meter box 44 also maintains the key used for the digital signature of the transaction records. The only information stored in the meter box 44 is the new data for each meter record processed by the meter box 44. For each franking transaction, the meter box 44 generates at least one special signal or digital signature of the postage transaction, and update the meter record that corresponds to the transaction. Each meter record in the Database Server 36 includes postal funds as well as the special signal keys in the encrypted text. The meter box 44 uses the special signal keys to generate special signals, updates the postal funds in the meter record and signs the updated meter record. In this way, the meter box 44 executes and controls the secure accounting for each transaction. The meter box 44 can also be used to verify the special signal or transaction signature for verification of the postage test for the transaction. 
The Data Center 30 also includes an Authentication Box 40 that shares a different secret key with the steel box to decrypt a user authentication key stored in the encrypted text on the Data Base Server 36. The authentication box 40 also executes the authentication algorithms using the decrypted authentication key to authenticate a sender. This function can be added to the steel box of the key management system 38 to eliminate the need for a separate box in the Data Center 30. Finally, the Data Center 30 includes a transaction box 42 that shares another secret key. with the steel box to sign the user transaction records different from the meter records signed by the meter box 44, such as connections and historical connection records. The transaction box 42 subsequently checks the transaction record signature when the next transaction is requested.
Referring now to Figure 2, a configuration of the Database Server 36, which includes a meter database 60, a sender database 62 and a database of meter records 64, is shown. The meter database 60 comprises the associated meter information for each meter account, such as the meter serial number, register update counter, up register, down register and other postal values. The sender database 62 comprises sender information and information that associates a sender with a meter account. In the operation, the Communication Server 32 receives a request for a meter transaction from the sender's PC 20. The application program in Function Server 34 controls the processing of the transaction request. The Function Server 34 accesses the sender database 62 and the meter database 60 to obtain the records, including the appropriate meter register 64 that corresponds to the meter accounting of the sender initiating the request. The Function Server 34 communicates with the sender registers from the sender's database 62 to the Authentication Box 40, which then authenticates the sender's request for the transaction. Once the sender has been authenticated, the Function Server 34 communicates the appropriate meter register 64 to the meter box 44, which verifies a signature and the new data for the registration. The meter box 44 decrypts the encrypted keys that are stored within the meter register 64, executes the accounting functions in the ascending and descending registers in the meter register 64, and uses the keys to generate a special signal for the requested transaction. The meter box 44 then generates the data for a mark, and re-signs the meter register 64. The updated and signed record is then sent back to the Database Server 36 where it is stored as part of the database of the meter 60. In the Data Center 30, the authentication keys are not available in the normal text, but must be distributed to the sender. 
Conventional methods of distributing and updating the authentication key for each sender can be used. See, for example, the aforementioned US Patent Application Serial Number 08/553812, which describes a key management system for distributing and updating the cryptographic keys to the secure boxes and the sender's PC. One of the important tasks for the key management system 38 is to obtain the postal key and associate it with a provider key. In the key management system 38, the steel box creates a meter serial number, the manufacturing number, the supplier keys and postcards in a meter register 64 for each meter accounting. For the encryption / decryption algorithms, a set of triple DES keys is used to encrypt the encryption keys to generate the special signals or signatures for the marks. Another set of triple trip keys are used to sign the meter records. The meter box 44 securely stores both sets of triple trip keys. In order to avoid using only one key to encrypt the entire set of meter keys to generate special signals to the signatures for the indicia, a derived key is used. The first set of triple DES keys derive the triple trip keys by encrypting the meter serial number (accounting) in each meter record. The derived triple DES keys then encrypt the encryption keys for the marks that are stored in the Database Server 36. The second set of triple DES keys to sign use a similar scheme to derive the signature keys in a similar way, that is, using the meter serial number, as the data to derive the keys. It will be understood that a set of triple trip keys can be used for both purposes. However, it is desirable that each set of keys be used only for one purpose. In the preferred embodiment of the present invention, a common key is used to sign all transactions and records that require a digital signature, such as, meter registration, postage transactions, funds transfer registration, master accounting records, etc. . 
Multiple boxes of each type are used for redundancy and to share the workload as the number of transactions grows. The signing box, such as the Meter Box 44 or the Authentication Box 40, verifies the signature of a record. With respect to the signature algorithm for the meter record 64, a message authentication code (MAC) is used to provide message integrity for the virtual meter records. This MAC involves multiple applications of the Data Encryption Standard (DES). The signature keys are updated using the current month and year. During manufacturing, two initial master keys are loaded into the non-volatile memory (NVM) of the Meter Box 44. The NVM is used for permanent storage and to prevent external access to the key information. The indicium keys and the signature keys are derived in a conventional manner, as described above. The signature verification algorithm for the virtual meter records simply recalculates the signature of the meter record 64, using the signature algorithm and the data within the meter record 64, and compares the calculated signature with the signature stored in the meter record 64.

Referring now to Figure 3, the process for securely performing a postage evidencing transaction in a virtual postage metering system is described. At step 100, the Communication Server 32 receives a request for evidence of postage from the sender's PC 20. At step 105, the Function Server 34 requests access to the sender's account information stored in the Database Server 36. At step 110, the Database Server 36 sends the sender information and the meter information, which includes the meter record associated with the sender initiating the request. At step 115, the Function Server 34 sends the sender information to the Authentication Box 40.
When the sender has been authenticated at step 120, then at step 125 the Function Server 34 sends the meter information, including the meter record, to the Meter Box 44. At step 130, the Meter Box 44 authenticates the meter record, decrypts the encrypted indicium key that is part of the record, verifies the freshness of the record, performs the accounting, generates the indicium, updates the freshness data and signs the meter record, which is returned to the Function Server 34. At step 135, the Function Server 34 sends the updated and signed meter record to the Database Server 36 and sends the Communication Server 32 the indicium and the associated postal information necessary to create the indicium image. At step 140, the Database Server 36 stores the updated and signed meter record. At step 145, the Communication Server 32 sends the indicium and the postal information to the sender's PC 20.

Referring now to Figure 4, the process executed within the secure Meter Box of the virtual postage metering system is described. In step 200, the Meter Box 44 receives a signed meter record. In step 205, the signature of the meter record is verified. If it does not verify at step 210, then, in step 215, the Meter Box ends the transaction and warns the Function Server 34 of possible tampering. If the signature has been verified, then, in step 220, the Meter Box compares the freshness data that it stores for each meter account with the freshness data stored as part of the meter record. The freshness data selected for this comparison must be data that is unique to each transaction. In the preferred embodiment, the register update counter is used, although a random number, a time stamp or other data could be used. The comparison in step 220 prevents the inadvertent or intentional substitution of a previous meter record for the current meter record during the virtual postage metering transaction.
In step 225, if the compared freshness data are not identical, then in step 230 the Meter Box ends the transaction and warns the Function Server 34 of possible tampering. If the freshness data stored in the meter record are identical to the freshness data for that meter record stored in the Meter Box, then, in step 235, the Meter Box decrypts the indicium key that was received in encrypted form as part of the meter record. In step 240, the Meter Box performs the accounting functions for the transaction, such as incrementing the ascending register, decrementing the descending register and incrementing the register update counter. In step 245, the freshness data in the meter record is updated. In step 250, the freshness data stored in the Meter Box 44 is updated. In step 255, the Meter Box generates the indicium using the decrypted indicium key. In step 260, the Meter Box updates the meter record by storing the new register values and the register update counter, and then signs the updated record using the key stored in the Meter Box. In step 265, the Meter Box sends the updated and signed meter record to the Database Server 36, for storage until the next transaction of the meter account assigned to that meter record.

It will be understood that although the embodiments of the present invention have been described as postage metering systems, the present invention is applicable to any value metering system that includes evidence of transactions, such as monetary transactions, item transactions and information transactions. While the present invention has been described with reference to a single embodiment thereof, it will be evident, as noted above, that variations may be made therein. It is therefore intended, in the following claims, to cover each variation and modification that falls within the true spirit and scope of the present invention.
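The per-meter key derivation described above and the Figure 4 processing loop (verify signature, compare freshness data, decrypt the indicium key, account, generate the indicium, update freshness on both sides, re-sign) reduced to a runnable model. This is an added example, not code from the patent or from Pitney Bowes: HMAC-SHA256 stands in for the triple-DES MAC and for the triple-DES encryption that derives per-meter keys from the serial number and wraps the indicium key; the master keys are constructed sample values; and the `SecureMeterBox`, `TamperAlert` and `ReplayAlert` names are the example's own. The stale-record check is the part worth studying: a previously valid record, with an intact signature, is rejected because the box's own copy of the register update counter has moved on.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample master keys; in the patent these are loaded into the
# Meter Box NVM at manufacture and never leave the secure device.
MASTER_SIGN_KEY = b"constructed-master-signing-key-01"
MASTER_WRAP_KEY = b"constructed-master-wrapping-key-1"


class TamperAlert(Exception):
    """Record signature does not verify (steps 210/215)."""


class ReplayAlert(Exception):
    """Freshness data in the record and in the box disagree (steps 225/230)."""


class InsufficientFunds(Exception):
    """Descending register cannot cover the requested postage."""


def derive_key(master: bytes, serial: str) -> bytes:
    """Per-meter key derived from a master key and the meter serial number.
    HMAC-SHA256 stands in for the patent's triple-DES encryption of the serial."""
    return hmac.new(master, serial.encode(), hashlib.sha256).digest()


def keystream(key: bytes, length: int) -> bytes:
    """Deterministic keystream for wrapping the indicium key (stand-in for triple DES)."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def wrap_key(derived: bytes, data: bytes) -> bytes:
    """XOR the indicium key with the keystream; unwrapping is the same operation."""
    return bytes(a ^ b for a, b in zip(data, keystream(derived, len(data))))


def record_mac(record: dict) -> str:
    """MAC over every field except the signature, keyed per meter serial (steps 205/260)."""
    body = json.dumps({k: v for k, v in record.items() if k != "signature"}, sort_keys=True)
    key = derive_key(MASTER_SIGN_KEY, record["serial"])
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


class SecureMeterBox:
    """Model of Meter Box 44: holds the master keys and a per-account freshness copy."""

    def __init__(self):
        # serial -> register update counter last written by this box (step 250)
        self.freshness = {}

    def provision(self, serial: str, funds_cents: int) -> dict:
        """Create and sign a meter record for a new account; the indicium key is
        stored only in wrapped form, so the database server never sees it."""
        indicium_key = secrets.token_bytes(32)
        record = {
            "serial": serial,
            "ascending": 0,
            "descending": funds_cents,
            "update_counter": 0,
            "wrapped_indicium_key": wrap_key(derive_key(MASTER_WRAP_KEY, serial), indicium_key).hex(),
        }
        record["signature"] = record_mac(record)
        self.freshness[serial] = 0
        return record

    def process(self, record: dict, postage_cents: int):
        """Steps 200-265: verify, freshness-check, account, generate indicium, re-sign.
        Returns (updated signed record, indicium)."""
        record = dict(record)  # work on a copy; the caller's object stands for the database row
        serial = record["serial"]
        if not hmac.compare_digest(record_mac(record), record.get("signature", "")):
            raise TamperAlert(serial)                       # step 215
        if self.freshness.get(serial) != record["update_counter"]:
            raise ReplayAlert(serial)                       # step 230: stale record substituted
        derived = derive_key(MASTER_WRAP_KEY, serial)
        indicium_key = wrap_key(derived, bytes.fromhex(record["wrapped_indicium_key"]))  # step 235
        if record["descending"] < postage_cents:
            raise InsufficientFunds(serial)
        record["ascending"] += postage_cents                # step 240: accounting
        record["descending"] -= postage_cents
        record["update_counter"] += 1                       # step 245: freshness in the record
        self.freshness[serial] = record["update_counter"]   # step 250: freshness in the box
        message = f"{serial}|{record['update_counter']}|{postage_cents}".encode()
        indicium = hmac.new(indicium_key, message, hashlib.sha256).hexdigest()  # step 255
        record["signature"] = record_mac(record)            # step 260: re-sign
        return record, indicium                             # step 265: back to the database


if __name__ == "__main__":
    box = SecureMeterBox()
    db_row = box.provision("MX-000001", 1000)
    db_row, indicium = box.process(db_row, 33)
    print(db_row["ascending"], db_row["descending"], indicium[:16])
```

Two design points carry over from the patent. The freshness value lives in both the signed record and the box, and only the box advances it, so a database operator who restores an older (still correctly signed) row cannot recover spent funds. And the indicium key is wrapped under a key derived from the serial number, so a compromise of one wrapped key in the database does not expose the others, while the master keys themselves never leave the secure device.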

Claims (13)

  1. A secure postage dispensing system characterized in that it comprises: a data center for dispensing evidence of postage in response to requests for evidence of postage from a plurality of remote user devices, the data center comprising: database means for storing data records, such data records including user information and meter information for individual meter accounts, each of the meter accounts being assigned to one of the plurality of remote user devices; means for receiving requests for evidence of postage from the plurality of remote user devices; means for authorizing each request for evidence of postage using the user information and the meter information corresponding to the meter account of the remote user device initiating the request for evidence of postage; and means for dispensing the requested evidence of postage, the dispensing means including at least a first secure device having a processor and memory, wherein the first secure device obtains the meter information from the database means, verifies the authenticity of the meter information, generates the requested evidence of postage, updates the meter information, digitally signs the updated meter information and returns the signed updated meter information to the database means.
  2. The system according to claim 1, characterized in that the database means includes a database of meter records, each of the meter records including the meter information corresponding to one of the meter accounts of the plurality of remote user devices and a signature of the meter information.
  3. The system according to claim 2, characterized in that the meter information includes ascending and descending registers, an encrypted indicium key and freshness data.
  4. The system according to claim 3, characterized in that the freshness data comprises a register update counter corresponding to the number of postage evidencing transactions processed by the secure device.
  5. The system according to claim 2, characterized in that the first secure device includes means for storing first and second keys, the first key being used to verify the signature in each meter record and to sign the updated meter information before returning each meter record to the database means, the second key being used to decrypt the encrypted indicium key in the meter record, such secure device using the indicium key to generate the requested evidence of postage.
  6. The system according to claim 5, characterized in that a function server processes each request received by said communication server, obtains the appropriate user information and meter information from the database server, and sends the user information and the meter information to the authorizing means and the dispensing means.
  7. The system according to claim 1, characterized in that the means for authorizing comprise a second secure box, which includes a processor, memory and means for storing a third cryptographic key, the third key being used to verify a signature associated with the user information of the meter account being processed.
  8. The system according to claim 7, characterized in that it further comprises a host key management system used to generate and maintain the cryptographic keys used by the authorizing means and the dispensing means.
  9. The system according to claim 1, characterized in that the receiving means comprise a communication server and the database means comprise a database server, each being located at the data center.
  10. A method of evidencing postage payment, the method comprising the steps of: providing a plurality of meter records, each meter record including meter information corresponding to a meter account assigned to one of a plurality of remote user devices that are authorized to request evidence of postage payment; storing the plurality of meter records in a database at a data center; obtaining a first meter record when a request for evidence of postage payment is received at the data center; verifying the authenticity of the first meter record by verifying a signature in the first meter record; accounting for an amount of postage to be evidenced; generating an indicium as evidence of postage payment; updating the meter information in the first meter record; signing the updated meter information to update the signature of the first meter record; and returning the first meter record to the database.
  11. The method according to claim 10, characterized in that the steps of obtaining, verifying, accounting, generating, updating, signing and returning are performed in a secure device.
  12. The method according to claim 11, characterized in that the step of verifying the authenticity of the first meter record comprises the step of: comparing freshness data in the first meter record with the freshness data stored in the secure device.
  13. The method according to claim 11, characterized in that the step of updating the meter information comprises the step of: updating the freshness data stored in the secure device and in the first meter record.
MXPA/A/1999/001576A 1997-06-12 1999-02-12 Virtual postage meter with secure digital signature device MXPA99001576A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US049518 1997-06-12

Publications (1)

Publication Number Publication Date
MXPA99001576A true MXPA99001576A (en) 1999-09-20
