[go: up one dir, main page]

WO2012040588A1 - Ultra-light postage system - Google Patents

Ultra-light postage system Download PDF

Info

Publication number
WO2012040588A1
WO2012040588A1 PCT/US2011/053004 US2011053004W WO2012040588A1 WO 2012040588 A1 WO2012040588 A1 WO 2012040588A1 US 2011053004 W US2011053004 W US 2011053004W WO 2012040588 A1 WO2012040588 A1 WO 2012040588A1
Authority
WO
WIPO (PCT)
Prior art keywords
postage
computing device
removable media
media device
register
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2011/053004
Other languages
French (fr)
Inventor
Mike Murphy
Wilson Pearce
Mark Durbin
Alan Ward
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Proiam LLC
Original Assignee
Proiam LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Proiam LLC filed Critical Proiam LLC
Publication of WO2012040588A1 publication Critical patent/WO2012040588A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00016Relations between apparatus, e.g. franking machine at customer or apparatus at post office, in a franking system
    • G07B17/00024Physical or organizational aspects of franking systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q2250/00Postage metering systems
    • G06Q2250/05Postage metering systems using cryptography
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00016Relations between apparatus, e.g. franking machine at customer or apparatus at post office, in a franking system
    • G07B17/00024Physical or organizational aspects of franking systems
    • G07B2017/00048Software architecture
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00016Relations between apparatus, e.g. franking machine at customer or apparatus at post office, in a franking system
    • G07B17/00024Physical or organizational aspects of franking systems
    • G07B2017/00048Software architecture
    • G07B2017/00056Client-server
    • G07B2017/00064Virtual meter, online stamp; PSD functions or indicia creation not at user's location
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00016Relations between apparatus, e.g. franking machine at customer or apparatus at post office, in a franking system
    • G07B17/0008Communication details outside or between apparatus
    • G07B2017/00153Communication details outside or between apparatus for sending information
    • G07B2017/00177Communication details outside or between apparatus for sending information from a portable device, e.g. a card or a PCMCIA
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00185Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
    • G07B17/00193Constructional details of apparatus in a franking system
    • G07B2017/00201Open franking system, i.e. the printer is not dedicated to franking only, e.g. PC (Personal Computer)
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00185Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
    • G07B17/00193Constructional details of apparatus in a franking system
    • G07B2017/00225Vending machine or POS (Point Of Sale) apparatus
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00185Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
    • G07B17/00362Calculation or computing within apparatus, e.g. calculation of postage value
    • G07B2017/00419Software organization, e.g. separation into objects

Definitions

  • the present disclosure relates generally to computer-based methods and apparatuses, including computer program products, for an ultra-light postage system.
  • the secure removable media device includes a postage register system configured to manage access to a postage register; an operating system configured to control a computing device; and a point of sale system configured to request access to the postage register via the postage register system, and request access to the computing device via the operating system.
  • the secure removable media device includes instructions being operable to cause a computing device to authenticate the secure . removable media device based on a signed removable storage device identification stored on the secure removable media device; authenticate the computing device based on a signed computing device identification stored on the secure removable mcdia device; manage access to a postage register, the instructions being operable to cause the computing device to manage access to the postage register being stored on the secure removable media device; and control the computing device, the instructions being operable to cause the computing device to control the computing device being stored on the secure removable media device.
  • Another approach to an ultra-light postage system is a system.
  • the system includes a computing device configured to control one or more computerized components; and a secure removable media device that includes a postage register module configured to manage access to a postage register; an operating system module configured to control the computing device; and a point of sale module configured to request access to the postage register via the postage register module, and request access to the computing device via the operating system module.
  • a computing device configured to control one or more computerized components
  • a secure removable media device that includes a postage register module configured to manage access to a postage register; an operating system module configured to control the computing device; and a point of sale module configured to request access to the postage register via the postage register module, and request access to the computing device via the operating system module.
  • the method includes authenticating a secure removable media device based on a signed removable storage device identification stored on the secure removable media device; authenticating a computing device based on a signed computing device identification stored on the secure removable media device; managing access to a postage register based on the authentication of the secure removable media device, the authentication of the computing device, or any combination thereof; and controlling the computing device based on the authentication of the secure removable media device, the authentication of the computing device, or any combination thereof.
  • the method includes receiving a computing device from a computing device provider; receiving a removable storage media device from a postage provider; assembling the computing device and the removable storage media device; and authorizing the ultra-light postage system via a postage authentication server.
  • the secure removable media device includes means for managing access to a postage register; means for controlling a computing device; means for requesting access to the postage register via the postage register system, and means for requesting access to the computing device via the operating system.
  • 0009J Another approach to an ultra-light micro cash system is a secure removable media device.
  • the secure removable media device includes a micro cash system configured to manage access to a micro cash register; an operating system configured to control a computing device; and a user interface system conf ⁇ red to request access to the micro cash register via the micro cash system, and request access to the computing device via the operating system.
  • the secure removable media device includes instructions being operable to cause a computing device to authenticate the secure removable media device based on a signed removable storage device identification stored on the secure removable media device; authenticate the computing device based on a signed computing device identification stored on the secure removable media device; manage access to a micro cash register, the instructions being operable to cause the computing device to manage access to the micro cash register being stored on the secure removable media device; and control the computing device, the instructions being operable to cause the computing device to control the computing device being stored on the secure removable media device.
  • the system includes a computing device configured to control one or more computerized components; and a secure removable media device including a micro cash register module configured to manage access to a micro cash register; an operating system module configured to control the computing device; and a user interface module configured to request access to the micro cash register via the micro cash module, and request access to the computing device via the operating system module.
  • a computing device configured to control one or more computerized components
  • a secure removable media device including a micro cash register module configured to manage access to a micro cash register; an operating system module configured to control the computing device; and a user interface module configured to request access to the micro cash register via the micro cash module, and request access to the computing device via the operating system module.
  • the method includes authenticating a secure removable media device based on a signed removable storage device identification stored on the secure removable media device; authenticating a computing device based on a signed computing device identification stored on the secure removable media device; managing access to a micro cash register based on the authentication of the. secure removable media device, the authentication of the computing device, or any combination thereof; and controlling the computing device based on the authentication of the secure removable media device, the authentication of the computing device, or any combination thereof.
  • 00 I3) Another approach to an ultra-light micro cash system is a method. The method includes receiving a computing device from a computing device provider; receiving a removable storage media device from a micro cash provider; assembling the computing device and the removable storage media device; and authorizing the ultra-light micro cash system via a micro cash authentication server.
  • any of the approaches above can include one or more of the following features.
  • the secure removable media device further includes a partition emulator system configured to enable access to the postage register system, the point of sale system, the operating system, or any combination thereof.
  • the secure removable media device.further. includes a partition emulator system configured to authenticate the computing device based on a signed computing device identification stored on the secure removable media device.
  • the postage register system is encrypted, the point of sale system is encrypted, and/or the operating system is encrypted; and the secure removable media device further includes the partition emulator system configured to decrypt the postage register system, the point of sale system, the operating system, or any combination thereof based on the authentication of the computing device.
  • the secure removable media device further includes a partition emulator system configured to authenticate the secure removable media device based on a signed removable storage device identification stored on the secure removable media device.
  • the postage register system is encrypted, the point of sale system is encrypted, and/or the operating system is encrypted; and the secure removable media device further includes: the partition emulator system configured to decrypt the postage register system, the point ofsalc system, the operating system, or any combination thereof based on the authentication of the secure removable media device.
  • the secure removable media device further includes a partition emulator system configured to modify a signed computing device identification based on an update request from . an authentication server.
  • the secure removable media device further includes the partition emulator system further configured to encrypt the postage register system, the point of sale system, the operating system, or any combination thereof based on the modi fied signed computing device identification.
  • the secure removable media device further includes the postage register system further configured to append an entry to the postage register based on an append request from the point of sale system.
  • the secure removable media . device further includes the postage register system further configured to determine available postage from the postage register based on an available postage request from the point of sale system.
  • the secure removable media device further includes the postage register system further configured to audit the postage register based on an audit request from the point of sale system.
  • the secure removable media device further includes the postage register system further configured to credit postage to the postage register based on an authenticated add postage request from an authenticated postage server.
  • the secure removable media device further includes a boot loader configured to execute instructions to initiate a start-up sequence of the computing device.
  • the secure removable media. device includes a secure digital memory card.
  • the secure removable media device includes a compact flash memory card, a secure universal serial bus memory device, a multimedia memory card, a memory stick device, an extreme digital memory card, or any combination thereof.
  • the secure removable media device further include instructions being operable to cause the computing device to enable access to the postage register based on the authentication of the secure removable media device, the authentication of the computing device, or any combination thereof.
  • the secure removable media device further includes instructions being operable to cause the computing device to enable access to the secure removable media device based on the authentication of the secure removable media device, the authentication of the computing device, or any combination thereof.
  • the system further includes a printer for printing postage based on an authorized postage request.
  • system further includes the postage register module further configured to debit the postage register based on the authorized postage request.
  • the computing device includes no computer executable instructions to access the postage register.
  • the system further includes an enrollment device for determining one or more, postage parameters associated with an object.
  • system further includes the point of sale module further con figured to generate an authorized postage request based on the one or more postage parameters.
  • the instructions being operable to cause the computing device to manage access to the postage register being stored on the secure removable media device.
  • the instructions being operable to cause the computing device to control the computing device being stored on the secure removable media device.
  • the computing device includes no computer executable instructions to access a postage register associated with the ultra-light postage system.
  • the ultra-light postage system technique ' s described herein can provide one or more of the following advantages.
  • An advantage to the ultra-light postage system is that the secure postage register and the other operating system components are integrated into a single secure removable storage device, thereby reducing the additional expense of separate devices and increasing the efficiency of the postage system via the integrated system.
  • FIG. 1 is a diagram of an exemplary postage system
  • FIG. 2 is a diagram of another exemplary postage system
  • FIG. 3 is a diagram of another exemplary postage system
  • FIG. 4 is a diagram of another exemplary postage system
  • FIG. 5 is a diagram of another exemplary postage system
  • FIG. 6 is a diagram of another exemplary postage system
  • FIG. 7 is a diagram of an exemplary counter-service postage system
  • FIG. 8 is a diagram of an exemplary self-service postage system
  • FIG. 9 is a diagram of another exemplary postage system
  • FIG. 10 is a diagram of an exemplary computing device
  • FIG. 1 1 illustrate exemplary postage
  • FIG. 12 is a flowchart of an exemplary boot process
  • FIG. 13 is a diagram of an exemplary process for accessing an encrypted partition
  • FIG. 14 is a flowchart of an exemplary postage register access process
  • FIG. 15 is a diagram of an exemplary process for accessing a postage register
  • FIG. 16 is a flowchart of an exemplary register update process
  • FIG. 17 is a diagram of an exemplary process for updating an encrypted register
  • FIG. 18 is a flowchart of an exemplary authorization process
  • FIG. 19 is a diagram of an exemplary computer device setup process.
  • an ultra-light postage system includes a secure removable media device (e.g., a secure digital memory card, a compact flash memory card, a removable storage device, etc.) that stores a postage register system (e.g., a postage register, a postage register application programming interface (API), etc.), an operating system (e.g., a system call, a hardware, interface, a kernel, etc.), and/or a point of sale system (e.g., a graphical user interface, an accounting functionality, an interface to the operating system, an interface to the postage- register API, etc.).
  • a postage register system e.g., a postage register, a postage register application programming interface (API), etc.
  • an operating system e.g., a system call, a hardware, interface, a kernel, etc.
  • a point of sale system e.g., a graphical user interface, an accounting functionality, an interface to the operating system, an interface to the postage- register API
  • the secure removable media device can be utilized with a computing device (e.g., a personal computer, a mobile device, an enrollment device, etc.) to operate the ultra-light postage system (e.g., purchase of postage for a package, credit postage to the system, print postage, track packages, etc.).
  • a computing device e.g., a personal computer, a mobile device, an enrollment device, etc.
  • the ultralight postage system advantageously enables the secure operation of postage system utilizing a secure removable media device which increases.the efficiency of distributing postage systems across an organization (e.g., national post offices, frahchised postal company stores, etc.) by reducing the security and administrative complexity of a postage system with a postage register system that is separate and distinct from the other components of the system.
  • the ultra-light postage system described herein can, for example, meet and or exceed postage evidence requirements and/or postage evidence security requirements associated with a postal service (such as the United Stated Postal Service) via the secure removable media device and the secure postage register system included thereon.
  • a postal service such as the United Stated Postal Service
  • the ultra-light postage system meets and/or exceeds the security requirements described in the United States Postal Service Information-Based Indicia Program described in Performance Criteria And Security Architecture For Open IB I Postage Evidencing System, USPS-I-3195, February 23, 2000.
  • the ultra-light postage system can enable the integration of a postal security device directly into the ultra-light postage system via the secure removable media device, thereby advantageous decreasing the cost of the ultra-light postage system by reducing the required components of the system, i.e., a separate postal security device with its own processor which is separate and distinct from the processor of the computing device is not required.
  • FIG. 1 is a diagram of an exemplary postage system.
  • the secure digital media is inserted into the media slot of the computing device (in this example, a laptop computer).
  • the computing device can initiate a power on self test (POST) and access the boot loader on the secure digital media.
  • the boot loader initiates the start-up sequence for the postage system.
  • POST power on self test
  • the start-up sequence for the postage system can include accessing a first partition of the secure digital media to authenticate the secure digital media and/or the computing device.
  • the start-up sequence can include authenticating the secure digital media using a signed secure digital media identification (in this example, the client certification).
  • the start-up sequence can include authenticating the computing device using a signed computing device identification (in this example, the host authentication).
  • the start-up sequence can initiate a partition emulator module to enable access to partitions 1 , 2, and 3.
  • the partitions arc encrypted and the partition emulator enables access to the encrypted partitions (e.g., decrypts parts or all of the encrypted partition for access, decrypts the accessed data on the partition at the time of the request for the data, etc.).
  • the partition emulator module decrypts the accessed files on the fly at the time of access.
  • the partition emulator module encrypts files for storage on the fly at the time of access.
  • the start-up sequence can access a third partition to start the operating system and the start-up sequence can turn control over to the operating system (i.e., the start-up sequence ends).
  • the operating system can control the computing device (e.g., memory management, hardware management, etc.) and/or provide an interface for other applications (e.g., the point of sale system, a web browser, a word processing application, etc.) to access the computing device.
  • Tine point of sale system can be started to enable a user interface for the sale and management of postage and/or any other type of good (e.g., gift card, etc.) and/or service (e.g., pre-paid mobile phone minutes, pre-paid mobile phone texts, etc.)-
  • the point of sale system can access the computing device via the operating system (e.g., request to access hardware, request to print postage, etc.) and/or can access the micro cash register (e.g., postage register, ticket register, etc.) via the micro cash access API (e.g., postage register API, ticket register API, etc.).
  • the micro cash register e.g., postage register, ticket register, etc.
  • the micro cash access API e.g., postage register API, ticket register API, etc.
  • the access to the micro cash register can be, for example, via requests to the micro cash access API and can include a request to debit an amount from the micro cash register, a request to audit the micro cash register, and/or a request to credit the micro cash register.
  • the point of sale system can access the micro cash access API stored on a second partition and the micro cash access API can access the micro cash register stored on the second partition.
  • a user accesses the postage system and purchases postage for an envelope via the point of sale system.
  • The. point of sale system requests that a debit entry be appended to the micro cash register via the micro cash access API.
  • the micro cash access API can verify the request for a debit entry (e.g., checks the syntax to ensure that the debit entry does not include any code: injection issue, checks the debit entry is within a certain range (e.g., not over S250), etc.).
  • the micro cash access API adds the debit entry-to the micro cash register (i.e., the total postage amount available in the postage system is reduced).
  • the point of sale system can print the postage via a printer:
  • the secure digital media including the boot loader and three partitions
  • the secure digital media can include any number of partitions (e.g., five partitions, seven partitions, etc.) and/or any type of
  • the secure digital media.ca include a third partition with the operating system, drivers, arid point of sale system and a fourth partition with any other programs (e.g., web browser, spreadsheet application, etc.).
  • the third partition can be read only to prevent the
  • FIG. 1 illustrates and describes a postage system
  • the components of FIG. 1 can be utilized in any type of micro cash system (e.g., ticket system, lottery system, etc.).
  • FIG. 2 is a diagram of another exemplary postage system.
  • the secure removable media is inserted into the media slot of the computing device (in this example, a personal computer).
  • the secure removable media includes a postage register system, a point of sale system, and an operating system.
  • the postage register system includes the signed computing device identification, the signed removable storage device identification, the postage register, and/or the postage register API.
  • the point of sale system includes the graphical user interface as illustrated in FIG. 2, components to access the postage register via the postage register API, and/or components to access the computing device, (e.g., printer, display, etc.) via the operating system.
  • the secure removable media advantageously includes the postage register system, the point of sale system, and the operating system in a single device, i.e., the secure removable media device, thereby enabling more efficient installation of the ultra-light postage system via the simply installation of the secure removable media in the computing device.
  • the computing device does not include any computer executable instructions to access the postage register.
  • the computing device can include a basic input/output system (BIOS) and/or other hardware level interfaces, but does not include an operating system and/or any user level application.
  • BIOS basic input/output system
  • the secure removable media advantageously includes the postage register system, the point of.sale system, and the operating system in a single device, i.e. the secure removable media device, thereby increasing the security of the ultra-light postage system by controlling all aspect of the management of the postage from the ultra-light postage system (e.g., control of the operating system, control of the printer drivers, control of the user interface, control ofthe postage register, etc.).
  • FIG. 3 is a diagram of another exemplary postage system.
  • the secure removable media is inserted into the media slot of the computing device (in thi example, a mobile device).
  • the computing device can communicate with a point of sale scrver ⁇ and/or a postage server via a network (e.g., a wireless network, a plurality of intcr-cohnectcd networks, etc.).
  • a network e.g., a wireless network, a plurality of intcr-cohnectcd networks, etc.
  • FIG. 4 is.a diagram of another exemplary postage system.
  • the postage system includes an enrollment device and a secure removable media.
  • the secure removable medians inserted into the media slot of the enrollment device for operation of the postage system.
  • the enrollment device can determine one or more parameters associated with a package (e.g., height, width, weight, destination, etc.).
  • the point of sale system stored on the secure removable media, can utilize the one or more parameters associated with the package to determine a postage value for delivery of the package.
  • the point of sale system can request the postage value from the postage register, stored on the secure removable media, via the postage register API.
  • the postage register can verify that the postage funds are available, add the debit entry, return a eonfirmation to the point of sale system, and/or print the postage to a printer (not shown) via a printer driver.
  • the point of sale system can print the postage to a printer (not shown) via a printer driver upon receipt of the confirmation froh the postage register.
  • FIG. 5 is a diagram of another exemplary postage system.
  • the postage system includes a computing device, an enrollment device, and a secure removable, media.
  • the secure removable media is inserted into the media slot of the computing device for operation of the postage system.
  • FIG. 6 is a diagram of another exemplary postage system.
  • the postage system includes a thin-client computing device, an enrollment device, and a secure removable media.
  • the secure removable media is inserted into the media slot of the enrollment device for operation of the postage system.
  • FIG. 7 is a diagram of an exemplary counter-service postage system.
  • the counter-service postage system includes an enrollment device and.a computing device.
  • T e enrollment device determines one or more parameters associated with a package and communicates the one or more parameters to the computing device.
  • a user utilizes a point of sale system on the computing device to determine postage for the package based on the one or more parameters.
  • FIG. 8 is a diagram of an exemplary self-service postage system.
  • the self-service postage system includes an enrollment device and a computing device.
  • the enrollment device determines one or more parameters associated with a package and communicates the one or more parameters to the computing device.
  • a user (not shown) utilizes a point of sale system on the computing device to determine postage for the package based on the one or more parameters.
  • FIG. 9 is a diagram of another exemplary postage system.
  • the postage system includes one or more computing devices, a postage server, a point of sale server, and a tracking server.
  • the one or more computing devices, the postage server, the point of sale server, and/or the tracking server communicate via a network (e.g., a wireless network, a plurality of inter-connected networks, etc.).
  • a network e.g., a wireless network, a plurality of inter-connected networks, etc.
  • the postage server can remotely manage the postage registers for the one or more computing device.
  • the remote management. can include an authorization for a postage credit (i.e., adding value to the postage register for a computing device), an audit of the postage register, an authorization of a computing device to operate a postage system, a backup of the postage register of a computing device, a restore of the postage register to a computing device, and/or any other types of remote management for a computing device.
  • the point of sale server can provide updates to the point of sale systems and/or operating systems on the one or more computing devices.
  • the point of sale server can remotely upgrade the operating systems on the one or more computing devices.
  • the point of sale server can remotely upgrade the graphical user interface on the one or more computing devices.
  • the tracking server can track packages for the postage, system and/or can provide tracking information to the one or more computing devices.
  • the tracking server and/or the point of sale server can communicateWith other third party servers.
  • the tracking server can synchronize its tracking information with a centralized mail server operated by a postage operator (e.g., United States Postal Server, Singapore Post Limited, private delivery service, etc.).
  • a postage operator e.g., United States Postal Server, Singapore Post Limited, private delivery service, etc.
  • the tracking server can synchronize with a database (e.g., an Oracle database available from Oracle Corporation of Redwood Shores, California, a SAP application available from SAP America Inc. of Newtown Square, Pennsylvania, etc.) operated by the postal operator.
  • FIG. 10 is a diagram of an exemplary computing device.
  • the computing device includes various modules and or devices utilized to operate the computing device.
  • the modules and/or devices can be hardware and/or software (e.g., instructions stored on a secure removable media device, instructions downloaded from an authenticated postage server, etc.).
  • the modules and/or devices illustrated in the computing device can, for example, utilize the processor to execute computer executable instructions and/or include a processor to execute computer executable instructions (e.g., an encryption processing unit, a field programmable gate array processing unit, etc.).
  • the computing device can include, for example, other modules, devices, and/or processors known in the art and/or varieties of the illustrated modules, devices, and/or processors.
  • modules and/or devices illustrated in the computing device can be located within the computing device and/or connected to the computing device (e.g., directly, indirectly, etc.), but outside of the physical components of the computing device (e.g., personal computer, mobile device, etc.).
  • the communication module communicates information and/or data to/from the computing device.
  • the postage register module manages access to a postage register.
  • the postage register module can append an entry to the postage register based on an append request from the point of sale module and/or a postage server.
  • the postage register module can determine available postage from the postage register based on an available postage request from the point of sale module and/or the postage server.
  • the postage register module can audit the postage register based on an audit request from the point of sale module and/or the postage server.
  • the postage register module can credit postage to the postage register based on an add postage request from the postage server (e.g., after authentication of the postage server, etc.).
  • FIG. 10 illustrates a postage register module
  • the computing device can include a micro cash register module that includes. functionality similar to the postage register module.
  • the point of sale module requests access to the postage register via the postage register module and requests access to the computing device via the operating system module.
  • the point of sale module can include the user interface to a point of sale system.
  • the point of sale module can operate to enable the purchase of postage for an object (e.g., package, envelope, etc.) via a graphical user interface as illustrated in FIG. 2.
  • FIG. 10 illustrates a point of sale module
  • the computing device can include a user interface module that includes functionality similar to the point of sale module.
  • the operating system module controls (e.g., manages, operates components, etc.) the computing device.
  • the operating system module can include one or more operating system components utilized to host.
  • computing applications e.g., drivers, point of sale system, postage system, etc.
  • offer services to the computing applications and/or the users of the computing device e.g., via an application programming interface, via a system call, etc.).
  • the driver module controls one or more external devices based on one or more drivers.
  • the driver module includes instructions to control a printer for printing postage based on authorized postage requests.
  • the driver module can include the
  • the partition emulator module enables access to the encrypted postage system (e.g., stored on a partition of a removable storage device), the encrypted point of sale, system (e.g., stored on a partition of a removable storage device), and/or the encrypted operating system (e.g., stored on a partition of a removable storage device).
  • the partition emulator module can authenticate the computing device based on a signed computing device identification stored on the removable storage device.
  • the partition emulator module can authenticate the secure removable media device based on a signed removable storage device identification stored on the removable storage device.
  • the partition emulator module can decrypt the encrypted postage system, the encrypted point of sale system, and/or the encrypted operating system based on the authentication of the computing device and/or the authentication of the secure removable media device.
  • the display device displays information and/or data associated with the computing device (e.g., status information, postage information, graphical user interface, etc.).
  • the output device outputs infonnation and/or data associated with the computing device (e.g., information to a printer (not shown), information to a speaker, etc.).
  • the input device receives information associated with the computing device (e.g., instructions from a user, instructions from another computing device, etc.) from a user (not shown) and/or another computing system (not shown).
  • the input device can include, for example, a keyboard, a scanner, an enrollment device, a scale, etc.
  • the processor executes the operating system and/or any other computer executable instructions for the computing device (e.g., executes applications, executes the postage system, etc.).
  • the random access, memory temporarily stores the postage system, the operating system, the point of sale system, and/or any other data associated with the computing device.
  • the random access memory can include one or more levels of memory storage (e.g., processor register, storage disk cache, main memory, etc.).
  • the removable storage device stores the postage system, the operating system, the point of sale system, and/or any other data associated with the computing device.
  • the storage device can include a plurality of storage devices.
  • the removable storage device can include, for example, long-term storage (e.g., a hard drive, a tape storage device, flash memory, etc.), short-term storage (e.g., a random access memory, a graphics memory, etc.), and/or any other type of computer readable storage.
  • the removable storage device is the secure removable media device described herein.
  • FIG. 1 1 illustrate exemplary postage.
  • the postage can include a postage stamp indicia, a printed postage stamp, a barcode, and/or any other type of postage indication.
  • the postage system described herein can print any type of postage.
  • FIG. 12 is a flowchart of an exemplary boot process of a computing device. A user and/or a remote control system power on the computing device. The computing device loads the boot loader from the secure removable media device. The boot loader accesses a first partition on the secure removable media device to execute a partition emulator module. The partition emulator module to authenticate the removable storage device and the computing device. If the removable storage device does not pass the authentication process, the boot-up process ends.
  • FIG. 13 is a diagram of an exemplary process for accessing an encrypted partition. After authentication of the removable storage device identification with the signed removable storage device identification and the signed computing, device identification with the device identification, the partition emulator module enables data access to partition 3 to the operating system module for operation of the postage system. As illustrated in FIG. 12, the partition emulator module does not enable access to partition 3 to the operating system module unless the authentication is successful.
  • the partition emulator module generates the removable storage device identification based on information associated with the removable storage device (e.g., a hash function of the data stored on the removable storage device, a hash function of the first two million bytes stored on the removable storage device, a unique identification code and/or function stored on the removable storage device, an one-way encryption key stored on the removable storage device, a serial number of the removable storage device, one or more serial numbers of the internal components of the removable storage device, etc.).
  • information associated with the removable storage device e.g., a hash function of the data stored on the removable storage device, a hash function of the first two million bytes stored on the removable storage device, a unique identification code and/or function stored on the removable storage device, an one-way encryption key stored on the removable storage device, a serial number of the removable storage device, one or more serial numbers of the internal components of the removable storage device, etc.
  • the partition emulator module generates the computing device identification based on information associated with the computing device (e.g., a media access control (MAC) address of the computing device network card, a processor identification of the computing device processor, an identification number associated with a BIOS of the computing device, a combination of the component identifications of the computing device, a connected network identification, a router/gateway network address, a network address of the computing device, etc. ).
  • information associated with the computing device e.g., a media access control (MAC) address of the computing device network card, a processor identification of the computing device processor, an identification number associated with a BIOS of the computing device, a combination of the component identifications of the computing device, a connected network identification, a router/gateway network address, a network address of the computing device, etc.
  • FIG. 14 is a flowchart of an exemplary postal register access process.
  • the partition emulator module enables access to the postage register via the postage register API.
  • the access to the postage register includes appending to the register logs to debit a postage transaction (e.g., Postage, Debit, S0.45, 10/23/2008, 08:32.12), accessing the register logs to determine available postage, auditing the postage logs to ensure that the postage logs are accurate and complete; and/or crediting postage to the register logs.
  • Postage, Debit, S0.45, 10/23/2008, 08:32.12 accessing the register logs to determine available postage, auditing the postage logs to ensure that the postage logs are accurate and complete; and/or crediting postage to the register logs.
  • Table 1 illustrates an exemplary micro cash register.
  • the micro cash register module e.g., the postage register module
  • the micro cash server e.g., the postage server
  • the micro cash register module can access the micro cash register to determine the available funds.
  • the credits are added and the debits are subtracted to determine the available funds -- $484.98.
  • the micro cash register module and/or the micro cash server can access the micro cash register to audit the micro cash logs.
  • the micro cash register module and/or the micro cash server analyzes the micro cash logs and Hags the redundant register identifications (i.e., two register identifications of 0000456).
  • the micro cash register module and/or the micro cash server analyzes the micro cash logs and flags the out of sequence transactions (i.e., 0000456 at 09:50.21 and then 0000456 at 09:48.12). In these examples, the micro cash register can be fixed to correct the discrepancies.
  • Table 2 illustrates an exemplary audited micro cash register that is corrected by the micro cash register module and/or the micro cash server to correct the discrepancies. Since the micro cash register is read / append only, the fix is appended to the end of the micro cash register.
  • the micro cash register module and/or the micro cash server can access the micro cash register to determine the available funds (ailer the fix to the register).
  • the credits arc added, the debits arc subtracted, and the register identifications of 0000456 arc voided (e.g., not added or subtracted) to determine the available funds ⁇ $49.98.
  • FIG. 15 is a diagram of an exemplary process for accessing a postage register.
  • the partition emulator module After authentication of the removable storage device identification with the signed removable storage device identification and the signed computing device identification with the device identification, the partition emulator module enables data access to partition 3 to the operating system module for operation of the postage system and append / read data access of partition 2 to the postage register module. As illustrated in FIG. 14, the partition emulator module does not enable access to partitions 2 and 3 to the postage register module and the operating system module, respectively, unless the authentication is successful.
  • FIG. 16 is a flowchart of an exemplary register update process.
  • the partition emulator module After the removable storage device and the computing device are authenticated, the partition emulator module enables access to the postage register.
  • the postage register module can communicate with the postage server via the communication module to update the register (e.g., add postage funds) and/or backup the postage register (e.g., for backup purposes, for audit purposes, etc.).
  • the register update and/or backup can be verified to ensure that the update and/or backup is authenticate (e.g., the
  • the postage register module transmits a complete backup and/or a partial backup (e.g., snapshot, incremental, etc.) of the postage register to the postage server and/or a backup server.
  • the postage register module can, for example, transmits a continuous backup of the postage register to the postage server and/or a backup server (i.e., every transaction is replicated to the postage server).
  • the postage register module transmits a daily backup to the postage server. If the computing device and or the removable media device fail, the backup can be utilized to restore the postage system.
  • the postage register includes a set credit limit. For example, if the computing device cannot request a credit (e.g., network outage, server failure, etc.), the postage register continues to allow debits up to a set credit limit. In this example, after the computing device reconnects to the postage server, the postage register is credited the necessary amount to correct any deficiencies in the account balance.
  • Table 3 illustrates an exemplary postage. register that illustrates the usage of a credit limit. As illustrated, after the computing device re-connects with the postage server, the credit limit is removed and the postage register is credited with postage. Table 3. Exemplary Postage Register
  • FIG. 17 is a diagram of an exemplary process for updating an encrypted register.
  • the partition emulator module After authentication of the removable storage device identification with the signed removable storage device identification and the signed computing device identification with the device identification, the partition emulator module enables append / read data access to partition 2 to the postage register module. As illustrated in FIG. 1 , the partition emulator module does not enable access to partition 2 to the postage register module unless the authentication is successful. In some examples, the partition emulator module does not allow any application and/or process to delete data of the postage register. In other examples, the partition that includes the postage register is set for write once only (i.e., data cannot be deleted or modified after the data is written to the partition).
  • Table 4 illustrates a postage register and exemplary postage debits and updates. Tabic 4. Exemplary Postage Register
  • FIG. 18 is a flowchart of an exemplary authorization process. If the computing device is not authenticated, the partition emulator module communicates with the postage server to authorize the computing device.
  • the authorization process utilizes a secure
  • the authorization process can, for example, transport layer security (TLS), secure sockets layer (SSL), a public/private key encryption protocol, and/or any other type of bilateral security mechanism.
  • TLS transport layer security
  • SSL secure sockets layer
  • the computing device and the postage server can connect utilizing TLS and then a user inputs information associated with the user's business (e.g., business name, business address, business authorization key, etc.).
  • the postage server verifies the information associated with the user's business and determines information associated with the computing device (e.g., network address, processor serial number, etc.).
  • the postage server generates a signed computing device identification based on the information associated with the computing device and communicates the signed computing device identification to the computing device for storage.
  • the authentication of the removable storage device can ensure that the information stored on the removable storage device does not include unauthorized modifications (e.g., unauthorized modifications to the postage register, unauthorized modifications to the postage register application programming interface (API), unauthorized modifications to the operating system, etc.).
  • unauthorized modifications e.g., unauthorized modifications to the postage register, unauthorized modifications to the postage register application programming interface (API), unauthorized modifications to the operating system, etc.
  • the authentication of the computing device can ensure that the removable storage device is not utilized in a computing device that is not authorized to operate the postage system (e.g., unauthorized copies of the postage system, unauthorized hardware modifications, etc.).
  • Table 5 illustrates exemplary signed removable media device identifications and the authentication of the identifications.
  • Table 6 illustrates exemplary signed computing device identi fications and the authentication of the identifications.
  • FIG. 19 is a diagram of an exemplary computer device setup process.
  • the end user receives the computing device from a computing device provider (e:g., computing device manufacturer, computing device re-seller, etc.) and receives the secure removable media from the postage provider.
  • the end user assembles these components and authorizes the usage of the postage system via a.postage server associated with the postage provider.
  • the end user calls a call server center associated with the postage provider and receives an authorization code for the operation of the postage server (e.g., via a challenge sequence of codes, etc.).
  • 00117J CT Patent Publication WO 2009/070696 is directed to various examples of the enrollment device and methods related thereto.
  • PCT Patent Application No. PCT/US2009/051412, filed on 7/22/2009 is directed to various examples of the point of sale system and methods related thereto. The entirety of both applications are incorporated by reference herein.
  • the above-described systems and methods can be implemented in digital electronic circuitry, in computer hardware, firmware, and/or software.
  • the implementation can be as a computer program product (i.e., a computer program tangibly embodied in an information carrier).
  • the implementation can, for example, : be in a machine-readable storage device, for execution by, or to control the operation of, data processing apparatus.
  • the implementation can, for example, be a programmable processor, a computer, and/or multiple computers.
  • a computer program can be written in any form of programming language, including compiled and/or interpreted languages, and the computer program can be deployed in any form, including as a stand-alone program or as a subroutine, clement, and/or other unit suitable for use in a computing environment.
  • a computer program can be deployed to be executed on one computer or on multiple computers at one site.
  • Method steps can be performed by one or more programmable processors executing a computer program to perform functions of the invention by operating on input data and generating output. Method steps can also be erformed by and an apparatus can be implemented as special purpose logic circuitry.
  • the circuitry can ⁇ for example, be a FPGA (field programmable gate array) and/or an ASIC
  • Modules, subroutines, and software agents can refer to portions of the computer program, the processor, the special circuitry, software, and/or hardware that implements that functionality.
  • processors suitable for the execution of a computer program include, by way of example, both general and special purpose microprocessors, and any one or more processors of any kind of digital computer.
  • a processor receives instructions and data from a read-only memory or a random access memory or both.
  • the essential elements of a computer are a processor for " executing instructions and one or more memory devices for storing instructions and data.
  • a computer can include, can be operatively coupled to receive data from and/or transfer data to one or more mass storage devices for storing data (e.g., magnetic ⁇ magneto-optical disks, or optical disks).
  • instructions and data include all forms of non-volatile memory, including by way of example semiconductor memory devices.
  • the information carriers can, for example, be EPROM, EEPROM, flash memory devices, magnetic disks, internal hard disks, removable disks, magneto-optical disks, CD-ROM, and/or DVD-ROM disks.
  • the processor and the memory can be supplemented by, and/or incorporated in special purpose logic circuitry.
  • the display device can, for example, be a cathode ray tube (CRT) and/or a liquid crystal display (LCD) monitor.
  • CTR cathode ray tube
  • LCD liquid crystal display
  • the interaction with a user can, for example, be a display of information to the user and a keyboard and a pointing device (e.g., a mouse or a trackball) by which the user can provide input to the computer (e.g., interact with a user interface element).
  • Other kinds of devices can be used to providc.for interaction with a user.
  • Other devices can, for example, be feedback provided to the user in any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback).
  • Input from the user can, for example, be received in any form, including acoustic, speech, and/or tactile input.
  • the above described techniques can be implemented in a distributed computing system that includes a back-end component.
  • the back-end component can, for example, be a data server, a middleware component, and/or an application server.
  • the above described techniques can be implemented in a distributing computing system that includes a front-end component.
  • the front-end component can, for example, be a client computer having a graphical user interface, a Web browser through which a user can interact with an example implementation, and/or other graphical user interfaces for a transmitting device.
  • the components of the system can be. interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network (LAN), a wide area network (WAN), the Internet, wired networks, and/or wireless networks.
  • LAN local area network
  • WAN wide area network
  • the Internet wired networks, and/or wireless networks.
  • Packet-based networks can include, lor example, the Internet, a carrier internet protocol (II 1 ) network (e.g., local area network (LAN), wide area network (WAN), campus area network (CAN), metropolitan area network (MAN), home area network (HAN)), a private IP network, an IP private branch exchange (IPBX),. a wireless network (e.g., radio access network (RAN), 802.1 1 network, 802.
  • II 1 carrier internet protocol
  • LAN local area network
  • WAN wide area network
  • CAN campus area network
  • MAN metropolitan area network
  • HAN home area network
  • IPBX IP private branch exchange
  • a wireless network e.g., radio access network (RAN), 802.1 1 network, 802.
  • Circuit-based networks can include, for example, the public switched telephone network (PSTN), a private branch exchange (PBX), a wireless network (e.g., RAN, bluetooth, code-division multiple access (CDMA) network, time division multiple access (TDMA) network, global system for mobile communications (GSM) network), and/or other circuit-based networks.
  • PSTN public switched telephone network
  • PBX private branch exchange
  • CDMA code-division multiple access
  • TDMA time division multiple access
  • GSM global system for mobile communications
  • the computing device can include, for example, a computer, a computer with a browser device, a telephone, an IP phone, a mobile device (e.g., cellular phone, personal digital assistant (PDA) device, laptop computer, electronic mail device), and/or other communication devices.
  • the browser device includes, for example, a computer (e.g., desktop computer, laptop computer) with a world wide web browser (e.g., Microsoft® Internet Explorer® available from Microsoft Corporation, Mozilla® Firefox available from Mozilla Corporation).
  • the mobile computing device includes, for example, a personal digital assistant (PDA).
  • PDA personal digital assistant

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Described are computer-based methods and apparatuses, including computer program products, for an ultra-light postage system. In some examples, the ultra-light postage system includes a secure removable media device. The secure removable media device can include a postage register system, an operating system, and a point of sale system. The postage register system can manage access to a postage register. The operating system can control a computing device. The point of sale system can request access to the postage register via the postage register system and request access to the computing device via the operating system.

Description

ULTRA-LIGHT POSTAGE SYSTEM
CROSS REFERENCE TO RELATED APPLICATIONS
[00011 The present application claims the benefit of priority under 35 U.S.C. §11 (e) from U.S. Provisional Patent Application Serial Number 61/386,259 filed September 24,-2010, the entire contents of which are incorporated herein by reference.
BACKGROUND
[0002] The present disclosure relates generally to computer-based methods and apparatuses, including computer program products, for an ultra-light postage system.
SUMMARY
[0003 J An approach to an ultra-light postage system is a secure removable media device. The secure removable media device includes a postage register system configured to manage access to a postage register; an operating system configured to control a computing device; and a point of sale system configured to request access to the postage register via the postage register system, and request access to the computing device via the operating system.
[0004] Another approach to an ultra-light postage system is a secure removable media device. The secure removable media device includes instructions being operable to cause a computing device to authenticate the secure. removable media device based on a signed removable storage device identification stored on the secure removable media device; authenticate the computing device based on a signed computing device identification stored on the secure removable mcdia device; manage access to a postage register, the instructions being operable to cause the computing device to manage access to the postage register being stored on the secure removable media device; and control the computing device, the instructions being operable to cause the computing device to control the computing device being stored on the secure removable media device. [0005] Another approach to an ultra-light postage system is a system. The system includes a computing device configured to control one or more computerized components; and a secure removable media device that includes a postage register module configured to manage access to a postage register; an operating system module configured to control the computing device; and a point of sale module configured to request access to the postage register via the postage register module, and request access to the computing device via the operating system module.
(0006| Another approach to an. ultra-light postage system is a method. The method includes authenticating a secure removable media device based on a signed removable storage device identification stored on the secure removable media device; authenticating a computing device based on a signed computing device identification stored on the secure removable media device; managing access to a postage register based on the authentication of the secure removable media device, the authentication of the computing device, or any combination thereof; and controlling the computing device based on the authentication of the secure removable media device, the authentication of the computing device, or any combination thereof.
|0007j Another approach to an ultra-light postage system is a method. The method includes receiving a computing device from a computing device provider; receiving a removable storage media device from a postage provider; assembling the computing device and the removable storage media device; and authorizing the ultra-light postage system via a postage authentication server.
|0008] Another approach to an ultra-light micro cash system is a secure removable media device. The secure removable media device includes means for managing access to a postage register; means for controlling a computing device; means for requesting access to the postage register via the postage register system, and means for requesting access to the computing device via the operating system. |0009J Another approach to an ultra-light micro cash system is a secure removable media device. The secure removable media device includes a micro cash system configured to manage access to a micro cash register; an operating system configured to control a computing device; and a user interface system conf^red to request access to the micro cash register via the micro cash system, and request access to the computing device via the operating system.
|0010j Another approach to an ultra-light micro cash system is a secure removable media device. The secure removable media device includes instructions being operable to cause a computing device to authenticate the secure removable media device based on a signed removable storage device identification stored on the secure removable media device; authenticate the computing device based on a signed computing device identification stored on the secure removable media device; manage access to a micro cash register, the instructions being operable to cause the computing device to manage access to the micro cash register being stored on the secure removable media device; and control the computing device, the instructions being operable to cause the computing device to control the computing device being stored on the secure removable media device.
[001 11 Another approach to an ultra-light micro cash system is a system. The system includes a computing device configured to control one or more computerized components; and a secure removable media device including a micro cash register module configured to manage access to a micro cash register; an operating system module configured to control the computing device; and a user interface module configured to request access to the micro cash register via the micro cash module, and request access to the computing device via the operating system module.
|0012j Another approach to an ultra-light micro cash system is a method. The method includes authenticating a secure removable media device based on a signed removable storage device identification stored on the secure removable media device; authenticating a computing device based on a signed computing device identification stored on the secure removable media device; managing access to a micro cash register based on the authentication of the. secure removable media device, the authentication of the computing device, or any combination thereof; and controlling the computing device based on the authentication of the secure removable media device, the authentication of the computing device, or any combination thereof. |00 I3) Another approach to an ultra-light micro cash system is a method. The method includes receiving a computing device from a computing device provider; receiving a removable storage media device from a micro cash provider; assembling the computing device and the removable storage media device; and authorizing the ultra-light micro cash system via a micro cash authentication server.
| 14| In other examples, any of the approaches above can include one or more of the following features.
|0015] In some examples, the secure removable media device further includes a partition emulator system configured to enable access to the postage register system, the point of sale system, the operating system, or any combination thereof.
(0016| In other examples, the secure removable media device.further. includes a partition emulator system configured to authenticate the computing device based on a signed computing device identification stored on the secure removable media device.
(0017] In some examples, the postage register system is encrypted, the point of sale system is encrypted, and/or the operating system is encrypted; and the secure removable media device further includes the partition emulator system configured to decrypt the postage register system, the point of sale system, the operating system, or any combination thereof based on the authentication of the computing device. |00I8] In other examples, the secure removable media device further includes a partition emulator system configured to authenticate the secure removable media device based on a signed removable storage device identification stored on the secure removable media device.
[0019] In some examples, the postage register system is encrypted, the point of sale system is encrypted, and/or the operating system is encrypted; and the secure removable media device further includes: the partition emulator system configured to decrypt the postage register system, the point ofsalc system, the operating system, or any combination thereof based on the authentication of the secure removable media device.
|0020] In other examples, the secure removable media device further includes a partition emulator system configured to modify a signed computing device identification based on an update request from.an authentication server. [0021 ] In some examples, the secure removable media device further includes the partition emulator system further configured to encrypt the postage register system, the point of sale system, the operating system, or any combination thereof based on the modi fied signed computing device identification.
|0022] In other examples, the secure removable media device further includes the postage register system further configured to append an entry to the postage register based on an append request from the point of sale system.
|0023] In some examples, the secure removable media . device further includes the postage register system further configured to determine available postage from the postage register based on an available postage request from the point of sale system.
[0024| In other examples, the secure removable media device further includes the postage register system further configured to audit the postage register based on an audit request from the point of sale system.
[0025] In some examples, the secure removable media device further includes the postage register system further configured to credit postage to the postage register based on an authenticated add postage request from an authenticated postage server.
|0026| In other examples, the secure removable media device further includes a boot loader configured to execute instructions to initiate a start-up sequence of the computing device.
|0027J In some examples, the secure removable media. device includes a secure digital memory card.
|0028) In other examples, the secure removable media device includes a compact flash memory card, a secure universal serial bus memory device, a multimedia memory card, a memory stick device, an extreme digital memory card, or any combination thereof.
[0029) In some examples, the secure removable media device further include instructions being operable to cause the computing device to enable access to the postage register based on the authentication of the secure removable media device, the authentication of the computing device, or any combination thereof. |0030) In other examples, the secure removable media device further includes instructions being operable to cause the computing device to enable access to the secure removable media device based on the authentication of the secure removable media device, the authentication of the computing device, or any combination thereof.
10031 J In some examples;, the system further includes a printer for printing postage based on an authorized postage request.
|0032 j In other examples, the system further includes the postage register module further configured to debit the postage register based on the authorized postage request.
|0033) In some examples, the computing device includes no computer executable instructions to access the postage register.
|0034| In other examples, the system further includes an enrollment device for determining one or more, postage parameters associated with an object.
[0035] In some examples, the system further includes the point of sale module further con figured to generate an authorized postage request based on the one or more postage parameters.
|0036) In other examples, the instructions being operable to cause the computing device to manage access to the postage register being stored on the secure removable media device.
|0037| In some examples, the instructions being operable to cause the computing device to control the computing device being stored on the secure removable media device.
[0038J In other examples, the computing device includes no computer executable instructions to access a postage register associated with the ultra-light postage system.
|0039j The ultra-light postage system technique's described herein can provide one or more of the following advantages. An advantage to the ultra-light postage system is that the secure postage register and the other operating system components are integrated into a single secure removable storage device, thereby reducing the additional expense of separate devices and increasing the efficiency of the postage system via the integrated system. |0040] Other aspects and advantages of the present invention will become apparent from the following detailed description, taken in conjunction with the accompanying drawings, illustrating the principles of the invention by way of example only.
BRIEF DESCRIPTION OF THE DRAWINGS
(0041 J The foregoing and other objects, features, and advantages of the present invention, as well as the invention itself, will be more fully understood from the following description of various embodiments, when read together with the accompanying drawings.
|0042| FIG. 1 is a diagram of an exemplary postage system;
|0043] FIG. 2 is a diagram of another exemplary postage system;
|0044] FIG. 3 is a diagram of another exemplary postage system;
|0045] FIG. 4 is a diagram of another exemplary postage system;
[0046] FIG. 5 is a diagram of another exemplary postage system;
|0047| FIG. 6 is a diagram of another exemplary postage system;
|0048| FIG. 7 is a diagram of an exemplary counter-service postage system;
|0049] FIG. 8 is a diagram of an exemplary self-service postage system;
[0050] FIG. 9 is a diagram of another exemplary postage system;
[00511 FIG. 10 is a diagram of an exemplary computing device;
[0052] FIG. 1 1 illustrate exemplary postage;
| 0053| FIG. 12 is a flowchart of an exemplary boot process;
[0054| FIG. 13 is a diagram of an exemplary process for accessing an encrypted partition;
|0055| FIG. 14 is a flowchart of an exemplary postage register access process;
[0056| FIG. 15 is a diagram of an exemplary process for accessing a postage register;
[0057] FIG. 16 is a flowchart of an exemplary register update process;
[0058| FIG. 17 is a diagram of an exemplary process for updating an encrypted register;
|0059] FIG. 18 is a flowchart of an exemplary authorization process; and |0060| FIG. 19 is a diagram of an exemplary computer device setup process.
DETAILED DESCRIPTION
|.006'1] In general overview, an ultra-light postage system includes a secure removable media device (e.g., a secure digital memory card, a compact flash memory card, a removable storage device, etc.) that stores a postage register system (e.g., a postage register, a postage register application programming interface (API), etc.), an operating system (e.g., a system call, a hardware, interface, a kernel, etc.), and/or a point of sale system (e.g., a graphical user interface, an accounting functionality, an interface to the operating system, an interface to the postage- register API, etc.). The secure removable media device can be utilized with a computing device (e.g., a personal computer, a mobile device, an enrollment device, etc.) to operate the ultra-light postage system (e.g., purchase of postage for a package, credit postage to the system, print postage, track packages, etc.). The ultralight postage system advantageously enables the secure operation of postage system utilizing a secure removable media device which increases.the efficiency of distributing postage systems across an organization (e.g., national post offices, frahchised postal company stores, etc.) by reducing the security and administrative complexity of a postage system with a postage register system that is separate and distinct from the other components of the system.
100621 The ultra-light postage system described herein can, for example, meet and or exceed postage evidence requirements and/or postage evidence security requirements associated with a postal service (such as the United Stated Postal Service) via the secure removable media device and the secure postage register system included thereon. For example, the ultra-light postage system meets and/or exceeds the security requirements described in the United States Postal Service Information-Based Indicia Program described in Performance Criteria And Security Architecture For Open IB I Postage Evidencing System, USPS-I-3195, February 23, 2000. The ultra-light postage system can enable the integration of a postal security device directly into the ultra-light postage system via the secure removable media device, thereby advantageous decreasing the cost of the ultra-light postage system by reducing the required components of the system, i.e., a separate postal security device with its own processor which is separate and distinct from the processor of the computing device is not required.
|0063| FIG. 1 is a diagram of an exemplary postage system. The secure digital media is inserted into the media slot of the computing device (in this example, a laptop computer). The computing device can initiate a power on self test (POST) and access the boot loader on the secure digital media. The boot loader initiates the start-up sequence for the postage system.
|0064J The start-up sequence for the postage system can include accessing a first partition of the secure digital media to authenticate the secure digital media and/or the computing device. The start-up sequence can include authenticating the secure digital media using a signed secure digital media identification (in this example, the client certification). The start-up sequence can include authenticating the computing device using a signed computing device identification (in this example, the host authentication).
[0065] Upon authentication of the secure digital media and the computing, device, the start-up sequence can initiate a partition emulator module to enable access to partitions 1 , 2, and 3. In some examples, the partitions arc encrypted and the partition emulator enables access to the encrypted partitions (e.g., decrypts parts or all of the encrypted partition for access, decrypts the accessed data on the partition at the time of the request for the data, etc.). For example, the partition emulator module decrypts the accessed files on the fly at the time of access. As another example, the partition emulator module encrypts files for storage on the fly at the time of access.
[0066| The start-up sequence can access a third partition to start the operating system and the start-up sequence can turn control over to the operating system (i.e., the start-up sequence ends). The operating system can control the computing device (e.g., memory management, hardware management, etc.) and/or provide an interface for other applications (e.g., the point of sale system, a web browser, a word processing application, etc.) to access the computing device.
|0067| Tine point of sale system can be started to enable a user interface for the sale and management of postage and/or any other type of good (e.g., gift card, etc.) and/or service (e.g., pre-paid mobile phone minutes, pre-paid mobile phone texts, etc.)- The point of sale system can access the computing device via the operating system (e.g., request to access hardware, request to print postage, etc.) and/or can access the micro cash register (e.g., postage register, ticket register, etc.) via the micro cash access API (e.g., postage register API, ticket register API, etc.). The access to the micro cash register can be, for example, via requests to the micro cash access API and can include a request to debit an amount from the micro cash register, a request to audit the micro cash register, and/or a request to credit the micro cash register. The point of sale system can access the micro cash access API stored on a second partition and the micro cash access API can access the micro cash register stored on the second partition.
|0068] For example, a user accesses the postage system and purchases postage for an envelope via the point of sale system. The. point of sale system requests that a debit entry be appended to the micro cash register via the micro cash access API. The micro cash access API can verify the request for a debit entry (e.g., checks the syntax to ensure that the debit entry does not include any code: injection issue, checks the debit entry is within a certain range (e.g., not over S250), etc.). The micro cash access API adds the debit entry-to the micro cash register (i.e., the total postage amount available in the postage system is reduced). Upon a confirmation from the micro cash access API, the point of sale system can print the postage via a printer:
|0069| Although FIG. 1 illustrates, the secure digital media including the boot loader and three partitions, the secure digital media can include any number of partitions (e.g., five partitions, seven partitions, etc.) and/or any type of
configuration of the partitions. For example, the secure digital media.ca include a third partition with the operating system, drivers, arid point of sale system and a fourth partition with any other programs (e.g., web browser, spreadsheet application, etc.). In this example, the third partition can be read only to prevent the
unauthorized modification of the operating system, drivers, and/or the point of sale system, and the fourth partition can be write/read to enable a user to install/operate other authorized programs. |0070] Although FIG. 1 illustrates and describes a postage system, the components of FIG. 1 can be utilized in any type of micro cash system (e.g., ticket system, lottery system, etc.).
|00711 FIG. 2 is a diagram of another exemplary postage system. The secure removable media is inserted into the media slot of the computing device (in this example, a personal computer). The secure removable media includes a postage register system, a point of sale system, and an operating system. In this example, the postage register system includes the signed computing device identification, the signed removable storage device identification, the postage register, and/or the postage register API. The point of sale system includes the graphical user interface as illustrated in FIG. 2, components to access the postage register via the postage register API, and/or components to access the computing device, (e.g., printer, display, etc.) via the operating system.
|0072j The secure removable media advantageously includes the postage register system, the point of sale system, and the operating system in a single device, i.e., the secure removable media device, thereby enabling more efficient installation of the ultra-light postage system via the simply installation of the secure removable media in the computing device.
[0073| In some examples, the computing device does not include any computer executable instructions to access the postage register. In other words, in some examples, the computing device can include a basic input/output system (BIOS) and/or other hardware level interfaces, but does not include an operating system and/or any user level application. The secure removable media advantageously includes the postage register system, the point of.sale system, and the operating system in a single device, i.e. the secure removable media device, thereby increasing the security of the ultra-light postage system by controlling all aspect of the management of the postage from the ultra-light postage system (e.g., control of the operating system, control of the printer drivers, control of the user interface, control ofthe postage register, etc.). The increased security of the ultra-light postage system and the ability to combine these components into a single device advantageously provides a compact and easy to setup and maintains ultra-light postage system. |0074] FIG. 3 is a diagram of another exemplary postage system. The secure removable media is inserted into the media slot of the computing device (in thi example, a mobile device). The computing device can communicate with a point of sale scrver^and/or a postage server via a network (e.g., a wireless network, a plurality of intcr-cohnectcd networks, etc.).
[0075) FIG. 4 is.a diagram of another exemplary postage system. The postage system includes an enrollment device and a secure removable media. The secure removable medians inserted into the media slot of the enrollment device for operation of the postage system. The enrollment device can determine one or more parameters associated with a package (e.g., height, width, weight, destination, etc.). The point of sale system, stored on the secure removable media, can utilize the one or more parameters associated with the package to determine a postage value for delivery of the package. The point of sale system can request the postage value from the postage register, stored on the secure removable media, via the postage register API. The postage register can verify that the postage funds are available, add the debit entry, return a eonfirmation to the point of sale system, and/or print the postage to a printer (not shown) via a printer driver. In other examples, the point of sale system can print the postage to a printer (not shown) via a printer driver upon receipt of the confirmation froh the postage register.
|0076j FIG. 5 is a diagram of another exemplary postage system. The postage system includes a computing device, an enrollment device, and a secure removable, media. The secure removable media is inserted into the media slot of the computing device for operation of the postage system.
|0077) FIG. 6 is a diagram of another exemplary postage system. The postage system includes a thin-client computing device, an enrollment device, and a secure removable media. The secure removable media is inserted into the media slot of the enrollment device for operation of the postage system.
|0078| FIG. 7 is a diagram of an exemplary counter-service postage system. The counter-service postage system includes an enrollment device and.a computing device. T e enrollment device determines one or more parameters associated with a package and communicates the one or more parameters to the computing device. A user utilizes a point of sale system on the computing device to determine postage for the package based on the one or more parameters.
[0079J FIG. 8 is a diagram of an exemplary self-service postage system. The self-service postage system includes an enrollment device and a computing device. The enrollment device determines one or more parameters associated with a package and communicates the one or more parameters to the computing device. A user (not shown) utilizes a point of sale system on the computing device to determine postage for the package based on the one or more parameters.
|0080| FIG. 9 is a diagram of another exemplary postage system. The postage system includes one or more computing devices, a postage server, a point of sale server, and a tracking server. The one or more computing devices, the postage server, the point of sale server, and/or the tracking server communicate via a network (e.g., a wireless network, a plurality of inter-connected networks, etc.).
[0081 J The postage server can remotely manage the postage registers for the one or more computing device. The remote management.can include an authorization for a postage credit (i.e., adding value to the postage register for a computing device), an audit of the postage register, an authorization of a computing device to operate a postage system, a backup of the postage register of a computing device, a restore of the postage register to a computing device, and/or any other types of remote management for a computing device.
100821 The point of sale server can provide updates to the point of sale systems and/or operating systems on the one or more computing devices. For example, the point of sale server can remotely upgrade the operating systems on the one or more computing devices. As another example, the point of sale server can remotely upgrade the graphical user interface on the one or more computing devices.
[0083| The tracking server can track packages for the postage, system and/or can provide tracking information to the one or more computing devices. The tracking server and/or the point of sale server can communicateWith other third party servers. The tracking server can synchronize its tracking information with a centralized mail server operated by a postage operator (e.g., United States Postal Server, Singapore Post Limited, private delivery service, etc.). For example, the tracking server can synchronize with a database (e.g., an Oracle database available from Oracle Corporation of Redwood Shores, California, a SAP application available from SAP America Inc. of Newtown Square, Pennsylvania, etc.) operated by the postal operator.
[0084) FIG. 10 is a diagram of an exemplary computing device. The computing device includes various modules and or devices utilized to operate the computing device. The modules and/or devices can be hardware and/or software (e.g., instructions stored on a secure removable media device, instructions downloaded from an authenticated postage server, etc.). The modules and/or devices illustrated in the computing device can, for example, utilize the processor to execute computer executable instructions and/or include a processor to execute computer executable instructions (e.g., an encryption processing unit, a field programmable gate array processing unit, etc.). It should be understood that the computing device can include, for example, other modules, devices, and/or processors known in the art and/or varieties of the illustrated modules, devices, and/or processors. It should be, understood that the modules and/or devices illustrated in the computing device can be located within the computing device and/or connected to the computing device (e.g., directly, indirectly, etc.), but outside of the physical components of the computing device (e.g., personal computer, mobile device, etc.).
[0085] The communication module communicates information and/or data to/from the computing device.
|0086) The postage register module manages access to a postage register. The postage register module can append an entry to the postage register based on an append request from the point of sale module and/or a postage server. The postage register module can determine available postage from the postage register based on an available postage request from the point of sale module and/or the postage server. The postage register module can audit the postage register based on an audit request from the point of sale module and/or the postage server. The postage register module can credit postage to the postage register based on an add postage request from the postage server (e.g., after authentication of the postage server, etc.).
Although FIG. 10 illustrates a postage register module, the computing device can include a micro cash register module that includes. functionality similar to the postage register module. (0087| The point of sale module requests access to the postage register via the postage register module and requests access to the computing device via the operating system module. The point of sale module can include the user interface to a point of sale system. For example, the point of sale module can operate to enable the purchase of postage for an object (e.g., package, envelope, etc.) via a graphical user interface as illustrated in FIG. 2. Although FIG. 10 illustrates a point of sale module, the computing device can include a user interface module that includes functionality similar to the point of sale module.
[0088| The operating system module controls (e.g., manages, operates components, etc.) the computing device. The operating system module can include one or more operating system components utilized to host. computing applications (e.g., drivers, point of sale system, postage system, etc.) and/or offer services to the computing applications and/or the users of the computing device (e.g., via an application programming interface, via a system call, etc.).
10089 J The driver module controls one or more external devices based on one or more drivers. For example, the driver module includes instructions to control a printer for printing postage based on authorized postage requests. In this example, the driver module can include the
|0090| The partition emulator module enables access to the encrypted postage system (e.g., stored on a partition of a removable storage device), the encrypted point of sale, system (e.g., stored on a partition of a removable storage device), and/or the encrypted operating system (e.g., stored on a partition of a removable storage device). The partition emulator module can authenticate the computing device based on a signed computing device identification stored on the removable storage device. The partition emulator module can authenticate the secure removable media device based on a signed removable storage device identification stored on the removable storage device. The partition emulator module can decrypt the encrypted postage system, the encrypted point of sale system, and/or the encrypted operating system based on the authentication of the computing device and/or the authentication of the secure removable media device. [00911 The display device displays information and/or data associated with the computing device (e.g., status information, postage information, graphical user interface, etc.).
[0092 J The output device outputs infonnation and/or data associated with the computing device (e.g., information to a printer (not shown), information to a speaker, etc.). The input device receives information associated with the computing device (e.g., instructions from a user, instructions from another computing device, etc.) from a user (not shown) and/or another computing system (not shown). The input device can include, for example, a keyboard, a scanner, an enrollment device, a scale, etc.
[0093| The processor executes the operating system and/or any other computer executable instructions for the computing device (e.g., executes applications, executes the postage system, etc.). The random access, memory temporarily stores the postage system, the operating system, the point of sale system, and/or any other data associated with the computing device. The random access memory can include one or more levels of memory storage (e.g., processor register, storage disk cache, main memory, etc.).
|0094| The removable storage device stores the postage system, the operating system, the point of sale system, and/or any other data associated with the computing device. The storage device can include a plurality of storage devices. The removable storage device can include, for example, long-term storage (e.g., a hard drive, a tape storage device, flash memory, etc.), short-term storage (e.g., a random access memory, a graphics memory, etc.), and/or any other type of computer readable storage. In some examples, the removable storage device is the secure removable media device described herein.
[0095| FIG. 1 1 illustrate exemplary postage. The postage can include a postage stamp indicia, a printed postage stamp, a barcode, and/or any other type of postage indication. The postage system described herein can print any type of postage. |0096| FIG. 12 is a flowchart of an exemplary boot process of a computing device. A user and/or a remote control system power on the computing device. The computing device loads the boot loader from the secure removable media device. The boot loader accesses a first partition on the secure removable media device to execute a partition emulator module. The partition emulator module to authenticate the removable storage device and the computing device. If the removable storage device does not pass the authentication process, the boot-up process ends. If the computing device docs not pass the authentication process, the partition emulator module initiates a computing device registration process with the postage server and reinitiate the authentication process upon completion of the computing device registration process. If the removable storage device and the computing device pass the authentication process, the partition emulator module enables data access of the encrypted files via the operating system (e.g., via calls from the operating system). (0097) FIG. 13 is a diagram of an exemplary process for accessing an encrypted partition. After authentication of the removable storage device identification with the signed removable storage device identification and the signed computing, device identification with the device identification, the partition emulator module enables data access to partition 3 to the operating system module for operation of the postage system. As illustrated in FIG. 12, the partition emulator module does not enable access to partition 3 to the operating system module unless the authentication is successful.
|0098| In some examples, the partition emulator module generates the removable storage device identification based on information associated with the removable storage device (e.g., a hash function of the data stored on the removable storage device, a hash function of the first two million bytes stored on the removable storage device, a unique identification code and/or function stored on the removable storage device, an one-way encryption key stored on the removable storage device, a serial number of the removable storage device, one or more serial numbers of the internal components of the removable storage device, etc.). In other examples, the partition emulator module generates the computing device identification based on information associated with the computing device (e.g., a media access control (MAC) address of the computing device network card, a processor identification of the computing device processor, an identification number associated with a BIOS of the computing device, a combination of the component identifications of the computing device, a connected network identification, a router/gateway network address, a network address of the computing device, etc. ).
|0099| FIG. 14 is a flowchart of an exemplary postal register access process. After the removable storage device and.the computing device arc authenticated, the partition emulator module enables access to the postage register via the postage register API. The access to the postage register includes appending to the register logs to debit a postage transaction (e.g., Postage, Debit, S0.45, 10/23/2008, 08:32.12), accessing the register logs to determine available postage, auditing the postage logs to ensure that the postage logs are accurate and complete; and/or crediting postage to the register logs.
(00100) Table 1 illustrates an exemplary micro cash register.
Table 1 . Exemplary Micro Cash Register
Figure imgf000020_0001
100101] The micro cash register module (e.g., the postage register module) and/or the micro cash server (e.g., the postage server) can access the micro cash register to determine the available funds. In this example, the credits are added and the debits are subtracted to determine the available funds -- $484.98.
|00102| The micro cash register module and/or the micro cash server can access the micro cash register to audit the micro cash logs. In this example, the micro cash register module and/or the micro cash server analyzes the micro cash logs and Hags the redundant register identifications (i.e., two register identifications of 0000456). As a further example, the micro cash register module and/or the micro cash server analyzes the micro cash logs and flags the out of sequence transactions (i.e., 0000456 at 09:50.21 and then 0000456 at 09:48.12). In these examples, the micro cash register can be fixed to correct the discrepancies. Table 2 illustrates an exemplary audited micro cash register that is corrected by the micro cash register module and/or the micro cash server to correct the discrepancies. Since the micro cash register is read / append only, the fix is appended to the end of the micro cash register.
Table 2. Exemplary Audited Micro Cash Register
Figure imgf000021_0001
|00103) As a further example, the micro cash register module and/or the micro cash server can access the micro cash register to determine the available funds (ailer the fix to the register). In this example, the credits arc added, the debits arc subtracted, and the register identifications of 0000456 arc voided (e.g., not added or subtracted) to determine the available funds ~ $49.98.
|00104]» FIG. 15 is a diagram of an exemplary process for accessing a postage register. After authentication of the removable storage device identification with the signed removable storage device identification and the signed computing device identification with the device identification, the partition emulator module enables data access to partition 3 to the operating system module for operation of the postage system and append / read data access of partition 2 to the postage register module. As illustrated in FIG. 14, the partition emulator module does not enable access to partitions 2 and 3 to the postage register module and the operating system module, respectively, unless the authentication is successful.
[00105] FIG. 16 is a flowchart of an exemplary register update process. After the removable storage device and the computing device are authenticated, the partition emulator module enables access to the postage register. The postage register module can communicate with the postage server via the communication module to update the register (e.g., add postage funds) and/or backup the postage register (e.g., for backup purposes, for audit purposes, etc.). The register update and/or backup can be verified to ensure that the update and/or backup is authenticate (e.g., the
update/backup is from the postage server and has not been modified, etc.).
|00106| In some examples, the postage register module transmits a complete backup and/or a partial backup (e.g., snapshot, incremental, etc.) of the postage register to the postage server and/or a backup server. The postage register module can, for example, transmits a continuous backup of the postage register to the postage server and/or a backup server (i.e., every transaction is replicated to the postage server). For example, the postage register module transmits a daily backup to the postage server. If the computing device and or the removable media device fail, the backup can be utilized to restore the postage system.
|00107| In other examples, the postage register includes a set credit limit. For example, if the computing device cannot request a credit (e.g., network outage, server failure, etc.), the postage register continues to allow debits up to a set credit limit. In this example, after the computing device reconnects to the postage server, the postage register is credited the necessary amount to correct any deficiencies in the account balance. Table 3 illustrates an exemplary postage. register that illustrates the usage of a credit limit. As illustrated, after the computing device re-connects with the postage server, the credit limit is removed and the postage register is credited with postage. Table 3. Exemplary Postage Register
Figure imgf000023_0001
[001081 FIG. 17 is a diagram of an exemplary process for updating an encrypted register. After authentication of the removable storage device identification with the signed removable storage device identification and the signed computing device identification with the device identification, the partition emulator module enables append / read data access to partition 2 to the postage register module. As illustrated in FIG. 1 , the partition emulator module does not enable access to partition 2 to the postage register module unless the authentication is successful. In some examples, the partition emulator module does not allow any application and/or process to delete data of the postage register. In other examples, the partition that includes the postage register is set for write once only (i.e., data cannot be deleted or modified after the data is written to the partition).
1001091 Table 4 illustrates a postage register and exemplary postage debits and updates. Tabic 4. Exemplary Postage Register
Figure imgf000024_0001
|001 10| FIG. 18 is a flowchart of an exemplary authorization process. If the computing device is not authenticated, the partition emulator module communicates with the postage server to authorize the computing device.
[001111 In some examples, the authorization process utilizes a secure
authentication process to ensure that the postage server has the authority to authorize the computing device. The authorization process can, for example, transport layer security (TLS), secure sockets layer (SSL), a public/private key encryption protocol, and/or any other type of bilateral security mechanism. For example, the computing device and the postage server can connect utilizing TLS and then a user inputs information associated with the user's business (e.g., business name, business address, business authorization key, etc.). In this example, the postage server verifies the information associated with the user's business and determines information associated with the computing device (e.g., network address, processor serial number, etc.). As a further example, the postage server generates a signed computing device identification based on the information associated with the computing device and communicates the signed computing device identification to the computing device for storage.
(00112] In some examples, the authentication of the removable storage device can ensure that the information stored on the removable storage device does not include unauthorized modifications (e.g., unauthorized modifications to the postage register, unauthorized modifications to the postage register application programming interface (API), unauthorized modifications to the operating system, etc.).
|001 13| In other examples, the authentication of the computing device can ensure that the removable storage device is not utilized in a computing device that is not authorized to operate the postage system (e.g., unauthorized copies of the postage system, unauthorized hardware modifications, etc.).
f 001 14] Table 5 illustrates exemplary signed removable media device identifications and the authentication of the identifications.
Table 5. Exemplary Removable Storage Device Authentication
Figure imgf000025_0001
|00115| Table 6 illustrates exemplary signed computing device identi fications and the authentication of the identifications.
Table 6. Exemplary Computing Device Authentication
Figure imgf000026_0001
[00116| FIG. 19 is a diagram of an exemplary computer device setup process. The end user receives the computing device from a computing device provider (e:g., computing device manufacturer, computing device re-seller, etc.) and receives the secure removable media from the postage provider. The end user assembles these components and authorizes the usage of the postage system via a.postage server associated with the postage provider. In other examples, the end user calls a call server center associated with the postage provider and receives an authorization code for the operation of the postage server (e.g., via a challenge sequence of codes, etc.). |00117J CT Patent Publication WO 2009/070696, is directed to various examples of the enrollment device and methods related thereto. PCT Patent Application No. PCT/US2009/051412, filed on 7/22/2009, is directed to various examples of the point of sale system and methods related thereto. The entirety of both applications are incorporated by reference herein.
[001 18] The above-described systems and methods can be implemented in digital electronic circuitry, in computer hardware, firmware, and/or software. The implementation can be as a computer program product (i.e., a computer program tangibly embodied in an information carrier). The implementation can, for example,: be in a machine-readable storage device, for execution by, or to control the operation of, data processing apparatus. The implementation can, for example, be a programmable processor, a computer, and/or multiple computers.
|001 19| A computer program can be written in any form of programming language, including compiled and/or interpreted languages, and the computer program can be deployed in any form, including as a stand-alone program or as a subroutine, clement, and/or other unit suitable for use in a computing environment. A computer program can be deployed to be executed on one computer or on multiple computers at one site.'
|00120] Method steps can be performed by one or more programmable processors executing a computer program to perform functions of the invention by operating on input data and generating output. Method steps can also be erformed by and an apparatus can be implemented as special purpose logic circuitry. The circuitry can^ for example, be a FPGA (field programmable gate array) and/or an ASIC
(application-specific integrated circuit). Modules, subroutines, and software agents can refer to portions of the computer program, the processor, the special circuitry, software, and/or hardware that implements that functionality.
|00121 J Processors suitable for the execution of a computer program include, by way of example, both general and special purpose microprocessors, and any one or more processors of any kind of digital computer. Generally, a processor receives instructions and data from a read-only memory or a random access memory or both. The essential elements of a computer are a processor for "executing instructions and one or more memory devices for storing instructions and data. Generally, a computer can include, can be operatively coupled to receive data from and/or transfer data to one or more mass storage devices for storing data (e.g., magnetic^ magneto-optical disks, or optical disks).
|00122] Data transmission and instructions can also occur over a communications network. Information carriers suitable for embodying computer program
instructions and data include all forms of non-volatile memory, including by way of example semiconductor memory devices. The information carriers can, for example, be EPROM, EEPROM, flash memory devices, magnetic disks, internal hard disks, removable disks, magneto-optical disks, CD-ROM, and/or DVD-ROM disks. The processor and the memory can be supplemented by, and/or incorporated in special purpose logic circuitry.
1001231 To provide for interaction with a user, the above described techniques can be implemented on a computer having a display device. The display device can, for example, be a cathode ray tube (CRT) and/or a liquid crystal display (LCD) monitor. The interaction with a user can, for example, be a display of information to the user and a keyboard and a pointing device (e.g., a mouse or a trackball) by which the user can provide input to the computer (e.g., interact with a user interface element). Other kinds of devices can be used to providc.for interaction with a user. Other devices can, for example, be feedback provided to the user in any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback). Input from the user can, for example, be received in any form, including acoustic, speech, and/or tactile input.
(00124J The above described techniques can be implemented in a distributed computing system that includes a back-end component. The back-end component can, for example, be a data server, a middleware component, and/or an application server. The above described techniques can be implemented in a distributing computing system that includes a front-end component. The front-end component can, for example, be a client computer having a graphical user interface, a Web browser through which a user can interact with an example implementation, and/or other graphical user interfaces for a transmitting device. The components of the system can be. interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network (LAN), a wide area network (WAN), the Internet, wired networks, and/or wireless networks.
|00125J The system can include clients and servers. A client and a server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. 100126] Packet-based networks can include, lor example, the Internet, a carrier internet protocol (II1) network (e.g., local area network (LAN), wide area network (WAN), campus area network (CAN), metropolitan area network (MAN), home area network (HAN)), a private IP network, an IP private branch exchange (IPBX),. a wireless network (e.g., radio access network (RAN), 802.1 1 network, 802. 16 network, general packet radio service (GPRS) network, HiperLAN), and/or other packet-based networks. Circuit-based networks can include, for example, the public switched telephone network (PSTN), a private branch exchange (PBX), a wireless network (e.g., RAN, bluetooth, code-division multiple access (CDMA) network, time division multiple access (TDMA) network, global system for mobile communications (GSM) network), and/or other circuit-based networks.
|00127| The computing device can include, for example, a computer, a computer with a browser device, a telephone, an IP phone, a mobile device (e.g., cellular phone, personal digital assistant (PDA) device, laptop computer, electronic mail device), and/or other communication devices. The browser device includes, for example, a computer (e.g., desktop computer, laptop computer) with a world wide web browser (e.g., Microsoft® Internet Explorer® available from Microsoft Corporation, Mozilla® Firefox available from Mozilla Corporation). The mobile computing device includes, for example, a personal digital assistant (PDA).
|0 128| Comprise, include, and/or plural forms of each arc open ended and include the listed parts and can include additional parts that are not listed. And/or is open ended and includes one or more of the listed parts and combinations of the listed parts.
[001291 One skilled in the art will realize the invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The foregoing embodiments are therefore to be considered in all respects illustrative rather than limiting of the invention described herein. Scope of the invention is thus indicated by the appended claims, rather than by the foregoing description, and all changes that come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.

Claims

CLAIMS What is claimed is:
1. Λ secure removable media device, the secure removable media device comprising:
a postage register system configured to manage access to a postage register; an operating system configured to control a computing device; and.
a point of sale system configured to:
request access to- the postage register via. the postage register system, and
request access to the computing device via the operating system.
2. The secure removable media device of claim 1 , further comprising a partition emulator system configured to enable access to the postage register- system, the. point of sale system, the operating system, or any combination thereof;
3. The secure removable media device of claim 1 , further comprising a partition emulator system configured to authenticate the computing device based on a signed computing device identification stored on the secure removable media device.
4. The secure removable media device of claim 3, wherein the postage register system is encrypted, the point of sale system is encrypted, and/or the operating system is encrypted; and further comprising the partition emulator system configured to decrypt the postage register system, the point of sale system, the operating system, or any combination thereof based on the authenticat ion of the computing device.
5. The secure removable media device of claim 1 , further comprising a partition emulator system configured to authenticate the secure removable media device based on a signed removable storage device identification stored on the secure removable media device.
6. The secure removable media device of claim 5, wherein the postage register system is encrypted, the point of sale system is encrypted, and/or the operating system is encrypted; and further comprising the partition emulator system configured to decrypt the postage register system, the point of sale system, the operating system, or any combination thereof based on the authentication of the secure removable media device.
7. The secure removable media device of claim 1 , further comprising a partition emulator system configured to modify a signed computing device identification based on an update request from an authentication server.
8. The secure removable media device of claim 7, further comprising the partition emulator system further configured to encrypt the postage register system, the point of sale system, the operating system, or any combination thereof based on the modified signed computing device identification.
9. The secure removable media device of claim 1 , further comprising the postage register system further configured to append an entry to the postage register based on an append request from the point of sale system.
10. The secure removable media device of claim 1 , further comprising the postage register system further configured to determine available postage from the postage register based on an available postage request from the point of sale system.
1 1 . The secure removable media device of claim 1 , further comprising the postage register system further configured to audit the postage register based on an audit request from the point of sale system.
12. The secure removable media device of claim 1 , further comprising the postage register system further configured to credit postage to the postage register based on an authenticated add postage request from an authenticated postage server.
13. The secure removable media device of claim 1. further comprising a boot loader.configured to execute instructions to initiate a start-up sequence of the computing device.
14. The secure removable media device of claim 1 , wherein the secure removable media device comprising a secure digital memory card.
15. The secure removable media device of claim 1 ,. wherein the secure removable media device comprising a compact flash memory card, a secure universal serial bus memory device, a multimedia memory card, a memory stick device, an extreme digital memory card, or any combination thereof.
16. A secure removable media device, the secure removable media device including instructions being operable to cause a computing device to:
authenticate the secure removable media device based on a signed removable storage device identification stored on the secure removable media device;
authenticate the computing device based on a signed computing device identification storcd.on the secure removable media device;
manage access to a postage register, the instructions being operable to cause the computing device to manage access to the postage register being stored on the secure removable media device; and control the computing device, the instructions being operable to cause the computing device to control the computing device being stored on the secure removable media device.
1 7. The secure removable media device of claim 16, further including instructions being operable.to cause the computing device to enable access to the postage.register based on the authentication of the secure removable media device, the authentication of the computing device, or any combination thereof.
18. The secure removable media device of claim 16, further including instructions being operable to cause the computing device to enable access to the secure removable media device based on the authentication of the secure removable media device, the authentication of the computing device, or any combination thereof.
19. An ultra-light postage system/the system comprising:
a computing device configured to control one or more computerized components; and
a secure removable media device comprising:
a. postage register module/configured to manage access to a postage register;
an operating system module configured to. control the computing device; and
a point of sale module configured to request access to the postage register via the postage register module, and request access to the computing device via the operating system module.
20. The system of claim 19, further comprising a printer for printing postage based on an authorized postage request.
21. The system of claim 20, further comprising the postage register module further configured to debit the postage register based on the authorized postage request.
22. The system of claim 19, wherein the computing device includes no computer executable instructions to access the postage register.
23. The system of claim 19, further comprising an enrollment device for determining one or more postage parameters associated with an object.
24. The system of claim 23, further comprising the point of sale module further configured to generate an authorized postage request based on the one or more postage parameters.
25. A method for operating an ultra-light postage system, the method comprising:
authenticating a secure removable media device based on a signed removable storage device identification stored on the secure removable media device;
authenticating a computing device based on a signed computing device identification stored on the secure removable media device;
managing access to a postage register based on the authentication of the secure removable media device, the authentication of the computing device, or any combination thereof; and
controlling the computing device based on the authentication of the secure removable media device, the authentication of the computing device, or any combination thereof.
26. The method of claim 25, wherein instructions being operable to cause the computing device to manage access to the postage register being stored on the secure removable media device.
27. The method of claim 25, wherein instructions being operable to cause the computing device to control the computing device being stored on the secure removable media device.
28. A method of authorizing an ultra-light postage system, the method comprising:
receiving a computing device from a computing device provider;
receiving a removable storage media device from a postage provider- assembling the computing device and the removable storage media device; and
authorizing the ultra-light postage system via a postage authentication server.
29. The method of claim 28, wherein the computing device includes no computer executable instructions to access a postage register associated with the ultra-light postage system;
30. A secure removable media device, the secure removable media device comprising:
means for managing access to a postage register;
means for controlling a computing device; and
means for requesting access to the postage register via the postage register system, and
means for requesting access to the computing device via the operating system.
31. Λ secure removable media device, the secure removable media device comprising:
a micro cash system configured to manage access to a micro cash register; an operating system configured to control a computing device; and a user interface system configured to:
request access to the micro cash register via the micro cash system, and
request access to the computing device via the operating system.
32. A secure removable media device, the secure removable media device including instructions being operable to cause a computing device to:
authenticate the secure removable media device based on a signed removable storage device identification stored on the secure removable media device;
authenticate the computing device based on a signed computing device identification stored on the secure removable media device;
manage access to a micro cash register, the instructions being operable to cause the computing device to manage access to the micro cash register being stored on the secure removable media device; and
control the computing device, the instructions being operable to cause the computing device to control the computing device being stored on the secure removable media device.
33. An ultra-light micro cash system, the system comprising:
a computing device configured to control one or more computerized components; and
a secure removable media device comprising:
a micro cash register module configured to manage access to a micro cash register; an operating system module configured to control the computing device; and
a user interface module configured to request access to the micro cash register via the micro cash module, and request access to the computing device via the operating system module.
34. A method for operating an ultra-light micro cash system, the method comprising:
authenticating a secure removable media device based on a signed removable storage device identification stored on the secure removable media device;
authenticating a computing device based on a signed computing device identification stored on the secure removable media device;
managing access to a micro cash register based on the authentication of the secure removable media device, the authentication of the computing device, or any combination thereof; and
controlling the computing device based on the authentication of the secure removable media device, the authentication of the computing device, or any combination thereof.
35. A method of authorizing an ultra-light micro cash system, the method comprising:
receiving a computing device from a computing device provider;
receiving a removable storage media device from a micro cash provider; assembling the computing device and the removable storage media device; and
authorizing the ultra-light micro cash system via a micro, cash authentication server.
PCT/US2011/053004 2010-09-24 2011-09-23 Ultra-light postage system Ceased WO2012040588A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US38625910P 2010-09-24 2010-09-24
US61/386,259 2010-09-24

Publications (1)

Publication Number Publication Date
WO2012040588A1 true WO2012040588A1 (en) 2012-03-29

Family

ID=45874186

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2011/053004 Ceased WO2012040588A1 (en) 2010-09-24 2011-09-23 Ultra-light postage system

Country Status (1)

Country Link
WO (1) WO2012040588A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9678760B2 (en) 2014-08-01 2017-06-13 Samsung Electronics Co., Ltd. Memory card and storage system having authentication program and method for operating thereof

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030110083A1 (en) * 2001-12-10 2003-06-12 Taylor Jason W. Automated point-of-sale terminal for use in a post office
US20040088270A1 (en) * 2002-10-31 2004-05-06 Davis Susan M.F. Postage indicia for product registration cards
US20040215581A1 (en) * 2001-02-23 2004-10-28 Lord Daniel J Systems and methods for dispensing postage stamps
US20050066069A1 (en) * 2003-09-19 2005-03-24 Kenichi Kaji Personal computer control system using portable memory medium and portable telephone set, and portable memory medium and portable telephone set therefor
US20060173796A1 (en) * 1995-10-11 2006-08-03 Kara Salim G System and method for printing multiple postage indicia

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060173796A1 (en) * 1995-10-11 2006-08-03 Kara Salim G System and method for printing multiple postage indicia
US20040215581A1 (en) * 2001-02-23 2004-10-28 Lord Daniel J Systems and methods for dispensing postage stamps
US20030110083A1 (en) * 2001-12-10 2003-06-12 Taylor Jason W. Automated point-of-sale terminal for use in a post office
US20040088270A1 (en) * 2002-10-31 2004-05-06 Davis Susan M.F. Postage indicia for product registration cards
US20050066069A1 (en) * 2003-09-19 2005-03-24 Kenichi Kaji Personal computer control system using portable memory medium and portable telephone set, and portable memory medium and portable telephone set therefor

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9678760B2 (en) 2014-08-01 2017-06-13 Samsung Electronics Co., Ltd. Memory card and storage system having authentication program and method for operating thereof

Similar Documents

Publication Publication Date Title
KR101159384B1 (en) Method and apparatus for provisioning software
US7353213B2 (en) System and method for preventing duplicate printing in a web browser
US7778924B1 (en) System and method for transferring items having value
US8027926B2 (en) Secure and recoverable database for on-line value-bearing item system
US11842419B1 (en) Single secure environment session generating multiple indicia
CN104969245B (en) Apparatus and method for secure element transactions and asset management
CN101438316B (en) Binding a device to a computer
TWI330784B (en) Security system for information handling system and method for verifying security of data delivered on information handling system
US20020023057A1 (en) Web-enabled value bearing item printing
US9569602B2 (en) Mechanism for enforcing user-specific and device-specific security constraints in an isolated execution environment on a device
US20110267638A1 (en) Fraud detection in a postage system
US20100250944A1 (en) Information processing apparatus, authentication device, and recording medium
WO1999041690A1 (en) Methods and apparatus for internet based financial transactions with evidence of payment
US20030187666A1 (en) Techniques for dispensing postage using a communications network
KR20060054164A (en) Prepaid Computers and Methods for Dynamic Price Differentiation
CN104281947A (en) Systems and methods for using a domain-specific security sandbox to facilitate secure transactions
US20060165227A1 (en) System and method for distribution of provisioning packets
WO2012040588A1 (en) Ultra-light postage system
EP2690841B1 (en) Method and system for multiple servers to share a postal security device
US20160171638A1 (en) Method and system for supporting multiple postage printing devices using multiple customer accounts without having to maintain funds in each customer account
US20170168868A1 (en) Simultaneous multiple-user postage meter/shipping device
US20050171915A1 (en) Postal franking meter used as a trusted gateway
WO2007027393A2 (en) Managing postage funds for use by multiple postage meters
US20250371537A1 (en) Trusted signing service and sponsored paymaster for transaction fees in native cryptocurrency
JP2003036404A (en) Software rental system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11827621

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11827621

Country of ref document: EP

Kind code of ref document: A1