EP1240624A2 - Proof of postage digital franking - Google Patents

Proof of postage digital franking

Info

Publication number
EP1240624A2
EP1240624A2 EP00991003A EP00991003A EP1240624A2 EP 1240624 A2 EP1240624 A2 EP 1240624A2 EP 00991003 A EP00991003 A EP 00991003A EP 00991003 A EP00991003 A EP 00991003A EP 1240624 A2 EP1240624 A2 EP 1240624A2
Authority
EP
European Patent Office
Prior art keywords
psd
postage
postal
security device
funds
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP00991003A
Other languages
German (de)
French (fr)
Other versions
EP1240624A4 (en
Inventor
George Brookner
Michael Brown
Fetneh Eskandari
Robert Schwartz
Eric Zuidema
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hasler Inc
Original Assignee
Ascom Hasler Mailing Systems Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ascom Hasler Mailing Systems Inc filed Critical Ascom Hasler Mailing Systems Inc
Publication of EP1240624A2 publication Critical patent/EP1240624A2/en
Publication of EP1240624A4 publication Critical patent/EP1240624A4/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00016Relations between apparatus, e.g. franking machine at customer or apparatus at post office, in a franking system
    • G07B17/0008Communication details outside or between apparatus
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00016Relations between apparatus, e.g. franking machine at customer or apparatus at post office, in a franking system
    • G07B17/0008Communication details outside or between apparatus
    • G07B2017/00137In a LAN
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00016Relations between apparatus, e.g. franking machine at customer or apparatus at post office, in a franking system
    • G07B17/0008Communication details outside or between apparatus
    • G07B2017/00145Communication details outside or between apparatus via the Internet
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00185Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
    • G07B17/00193Constructional details of apparatus in a franking system
    • G07B2017/00201Open franking system, i.e. the printer is not dedicated to franking only, e.g. PC (Personal Computer)
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • G07B2017/00959Cryptographic modules, e.g. a PC encryption board
    • G07B2017/00967PSD [Postal Security Device] as defined by the USPS [US Postal Service]

Definitions

  • the invention relates generally to postage meters, also called franking machines, and relates more particularly to electronic postage meters printing digital postal indicia.
  • Postage meters are well known. The present assignee has been designing and manufacturing postage meters for many, many decades. After these decades of experience, postage meters are extremely reliable and cost has been reduced to a minimum.
  • a typical postage meter prints its postage by means of an intaglio-type metal or strong plastic printing plate or die plate, using specified fluorescent ink_
  • Postage meters are simple to operate and there is little to go wrong. They have been accepted by nearly all the post offices of the world. Postage meters benefit post offices by reducing the need for retail sales of postage stamps, and by making it easy for postal patrons to adjust to changes in postage rates.
  • Present-day postage meters are able to accommodate mail pieces of varying thickness, and are able to print their indicia even if the surface of the mail piece is uneven.
  • a proof-of-postage generating system wherein funds, application of those funds, the replenishment of those funds and the auditing of those funds are secure against attempts at fraud.
  • the system may either be a Closed System (CS) wherein the pro of-of postage printing means are housed within the system computational means or within a cryptographically secure boundary.
  • CS Closed System
  • OS Open System
  • Fig. 1 is a functional block diagram of a first embodiment of a closed-system type of postage meter
  • Fig. 2 is a functional block diagram of a second embodiment of a closed-system type of postage meter
  • Fig. 3 is a functional block diagram of a third embodiment of a closed-system type of postage meter
  • Fig. 3A is a functional block diagram of a variant of a closed-system type of postage meter
  • Fig. 4 is a functional block diagram of a first embodiment of an open-system type of postage meter
  • Fig. 5 is a functional block diagram of a second embodiment of an open-system type of postage meter
  • Fig. 6A is a functional block diagram of a third embodiment of an open-system type of postage meter, with an internally mounted postal security device (PSD);
  • PSD postal security device
  • Fig. 6B is a functional block diagram of a third embodiment of an open-system type of postage meter, with an externally mounted PSD;
  • Fig. 7A is a functional block diagram of a fourth embodiment of an open-system type of postage meter, with an internally mounted postal security device (PSD);
  • PSD postal security device
  • Fig. 7B is a functional block diagram of a fourth embodiment of an open-system type of postage meter, with an externally mounted PSD;
  • Fig. 8 is a functional block diagram of a fifth embodiment of an open-system type of postage meter
  • Fig. 9A is a functional block diagram of a first embodiment of a hybrid of a closed-system and open-system type of postage meter.
  • Fig. 9B is a functional block diagram of a second embodiment of a hybrid of a closed-system and open-system type of postage meter.
  • a proof-of-postage generating system is described wherein funds, application of those funds, the replenishment of those funds and the auditing of those funds are secure against attempts at fraud.
  • the system may either be a Closed System (CS) wherein the proof-of postage printing means are housed within the system computational means or within a cryptographically secure boundary.
  • the system may be an Open System (OS) wherein the proof-of postage printing means are external to the system computational means.
  • PSD Postal Security Device
  • OS Open System
  • CS Closed System
  • the proof-of-postage (postal indicium) is digitally generated data.
  • Said digital data is represented as an image (generally, a printed image) on the mailpiece requiring said proof-of-postage.
  • Said proof-of postage may be represented as a graphical image, human readable information, various bar codes (both 1 - dimensional or 2-dime ⁇ sional codes), OCR characters, etc., or any combination thereof.
  • PSD Postal Security Device
  • the first embodiments set forth herein relate to Closed Systems (CS) which may take the form of three different embodiments, dependent upon the needs of the customer.
  • This CS approach provides a printing means within the franking device or within a cryptographically secure boundary as executed by a vendor.
  • Said franking device is dedicated to the imprinting of proof-of-postage (said proof-of-postage will take the form and aesthetics required by the regulating body) and other related information (at times referred to as audit information and reports).
  • the cryptographic content of the printed indicia image contains information unique to that transaction and specific PSD.
  • the Postal Security Device (PSD) 22 is attached as a "dongl ⁇ " (an adaptive interfacing device which connects to and uses a communications port while still allowing the port to be used by other devices) to the self contained franking device 24 (see Figure 1).
  • the cryptographic data content between the PSD 22 and franking device 24 is verified for authenticity (e.g. signature certificate) whereupon the printing mechanism 25 within the franking device 24 delivers the appropriate image to the mailpiece, letter or invoice.
  • Crediting new funds to the PSD is managed by an interface (modem) 21 adapted to the franking device 24 which communicates cryptographically with a host Data Center 20 which provide funds for the PSD through the franking device 24.
  • modem interface
  • the communications between the franking device 24 and Data Center 20 or between the franking device 24 and PSD 22 are cryptographically encoded with all transactions being verified by the crypto-code structure and certificate authorization schema as required by the regulating body.
  • Said PSD 22 may be moved from one franking device 24 to another so long as each franking device 24 is authorized/keyed to function with said PSD 22. In all cases the PSD 22 has the ability to account for funds and history as related to the franking device 24 to which it has been attached.
  • the communications channel 31 between the franking device 24 and the data center 20 need not be secure.
  • the channel 31 may be a dialed voice telephone call over the public switched telephone network, with modems at each end of the line.
  • the channel 31 may be an ISDN telephone call, or may be a TCP/IP session placed over any suitable physical medium and underlying protocol, such as frame relay.
  • the communications between the franking device 24 and data center 20 may desirably be carried out as set forth in U.S. Pat. No. 5,237,506, assigned to the same assignee as the assignee of the present invention.
  • the postal security device 22 contains an accounting register indicative of postage value, and contains cryptographic means, said cryptographic means disposed for secure communications with a remote host 20 for adjustment of the contents of said accounting register, said cryptographic means further disposed for generation of data to be included in said postal indicia, said postal security device 22 disposed to account within said accounting register for postage value provided in said postal indicia and to fail to generate such data when said accounting register satisfies a predetermined condition.
  • the accounting register of the PSD 22 is a descending register, and postal indicia are printed only if the value stored in the descending register is greater than the amount of postage value desired to be printed. In this way the postage printing system employing the PSD 22 mimics the well-known behavior of a present- day postage meter in which the meter refuses to print more postage if it is empty or almost empty.
  • the Postal Security Device (PSD) 22 is internal to the franking device 24 and is disposed to the same security requirements of the first embodiment
  • Crediting new funds to the PSD is managed by an interface (modem) 21 adapted to the franking device 24 which communicates cryptographically with a host Data Center 20 which provide funds for the PSD 22 through the franking device 24.
  • the communications between the franking device 24 and Data Center 20 or between the franking device 24 and PSD 22 are cryptographically encoded with all transactions being verified by the crypto-code structure and certificate authorization schema as required by the regulating body.
  • the communications between the franking device 24 and data center 20 may desirably be carried out as set forth in U.S. Pat. No.
  • Said PSD 22 is not accessible for removal from the franking device 24. Attempts to do so or to modify PSD contents will be met with its fail safe ability to secure itself and its internal registers as required by the regulatory authority.
  • the Postal Security Device (PSD) 22 is interfaced to a personal computer 26 as is shown in Figure 3
  • the PSD 22 is credited with funds via communications (typically modem) between the personal computer (PC) 26 and associated Data Center 20.
  • the communications between the PC 26 and Data Center 20 foliow the cryptographic security rules and signature verifications required by the regulatory body.
  • the communications between the PC 26 and data center 20 may desirably be carried out as set forth in U.S. Pat No. 5,237.506, assigned to the same assignee as the assignee of the present invention. Further, the secure communications between the PSD 22 and the remote franking device 24 are likewise assured.
  • the PC 26 is programmed so that it can receive a request from a user for the printing of postage, and forward information about the request to the PSD 22.
  • the PSD 22 provides cryptographically secured data which will be contained in the postal indicium, and this data is provided eventually to a printer for printing.
  • a closed system printer 24 (each a dedicated printing mechanism 25, preferably in a secure housing) are networked to a Postal Security Device 22.
  • the PSD is in the same secure housing as the printing mechanism.
  • a cryptographic boundary 102 is established which contains the PSD and each of the at least two closed system printers 24.
  • the communications channel that networks the PSD and the printers is a channel which passes messages each of which is cryptographically authenticated so as to provide the equivalent of a secure physical housing containing the PSD and the printers.
  • the PSD is desirably in a personal computer, connected by modem 21 via a communications channel 31 to a remote data center 20.
  • passed messages may not be necessary that the passed messages be encrypted. Instead, it may suffice that they are merely cryptographically signed or otherwise cryptographically authenticated.
  • the printers can be used for any of a number of franking applications, including: mail transporting and franking, a static franking system, a semi-automatic franking system (e.g. insert mailpiece-eject mailpiece), or combinations thereof.
  • indicium e.g. 1 -D or 2-D bar code and other aspects of layout
  • form of indicium e.g. 1 -D or 2-D bar code and other aspects of layout
  • the PSD device 22 evident in the first and third embodiments (Figs. 1 and 3), present the opportunity for physically relocating said PSD 22 from a system configuration evidenced in Figure 1 to a different system configuration evidenced in Figure 3, or vice versa.
  • Said PSD 22 has the capability of optionally containing pertinent information regarding the system adaptation to which it is incorporated, including such parametric data as host serial numbers, register readings, and the like.
  • the PSD 22 noted in Figure 3 could be located in or on the Franking Device 24, to wit, the PC 26 would communicate to the Franking Machine's PSD via any PC compatible communications link (e.g. RS232, parallel, etc.).
  • the Open System (OS) arrangement which may take the form of five different embodiments, will now be described.
  • This employment provides a printing means 23 outside a franking device.
  • Said printing means 23 is any commercially available printing means capable of reproducing the franked image content, makeup and resolution in accordance with regulatory requirements addressing said franked image content, makeup and resolution.
  • the cryptographic content of the printed indicia image contains information unique to that transaction and specific PSD.
  • the PSD 22 is interfaced to a Personal Computer (PC) 26 communication port. Also interfaced to the same PC 26 is a printer 23 capable of reproducing the franked image content, makeup and resolution in accordance with regulatory requirements.
  • PC Personal Computer
  • PSD 22 Crediting new funds to the PSD 22 is managed by an interface (modem) 21 adapted to the PC 26 which communicates cryptographically with a host Data Center 20 which provide funds for the PSD 22 through the PC 26.
  • the communications between the Data Center 20 and PSD 22 are cryptographically encoded with all transactions being verified by the crypto-code structure and certificate authorization schema as required by the regulating body.
  • the communications between the PSD 22 and data center 20 may desirably be carried out as set forth in U.S. Pat. No. 5,237,506, assigned to the same assignee as the assignee of the present invention.
  • Said PSD may be moved from one PC 26 to another. Further, said PSD 22 may be relocated to a Closed System (CS) embodiment such as that set forth in Figs. 1 and 3.
  • CS Closed System
  • the PSD 22 is internally interfaced to a Personal Computer (PC) 26 as is shown in Figure 5. Also interfaced to the same PC 26 is a printer 23 capable of reproducing the franked image content, makeup and resolution in accordance with regulatory requirements.
  • PC Personal Computer
  • PSD 22 Postal Security Device 22
  • interface (modem) 21 adapted to the PC 26 which communicates cryptographically with a host Data Center 20 which provide funds for the PSD 22 through the PC 26.
  • the communications between the Data Center 20 and PSD 22 are cryptographically encoded with all transactions being verified by the crypto-code structure and certificate authorization schema as required by the regulating body.
  • the communications between the PSD 22 and data center 20 may desirably be carried out as set forth in U.S. Pat. No. 5,237,506, assigned to the same assignee as the assignee of the present invention.
  • the PSD 22 is internally mounted ( Figure 6A) or externally interfaced ( Figure 6B) to a networked host 27.
  • Networked to the host 27 are one or more Personal Computers (PC) 26.
  • the printing device 23 is interfaced to the host 27, as might be the case in a centralized mailing application.
  • the printer 23 is capable of reproducing the franked image content, makeup and resolution in accordance with regulatory requirements.
  • PSD 22 Postal Security Device 22
  • interface (modem) 21 adapted to the Networked host which communicates cryptographically with a host Data Center 20 which provide funds for the PSD 22 through the Networked host 27.
  • the communications between the Data Center 20 and PSD 22 are cryptographically encoded with all transactions being verified by the crypto-code structure and certificate authorization schema as required by the regulating body.
  • the communications between the PSD 22 and data center 20 may desirably be carried out as set forth in U.S. Pat. No. 5,237,506, assigned to the same assignee as the assignee of the present invention.
  • the Networked host 27 provides its interfaced printer 23 with the indicia representing addressing and postage value information requested by the local PCs 26 in accordance with indicia context requirements of the regulatory body.
  • the PSD 22 depicted in Fig. 6B may be moved to any other Open or Closed system application interfacing the PSD 22 in a like manner.
  • the printing devices 23 are interfaced to local Personal Computers 26, rather than to a Networked host 27.
  • Figs. 7A and 7B present the described configuration.
  • Fig. 7A defines the Networked host 27 with its PSD 22 internally mounted while Figure 7B shows the PSD 22 externally interfaced to the Networked host 27.
  • the PSD 22 depicted in Fig. 7B may be moved to any other Open or Closed system application interfacing the PSD 22 in a like manner.
  • the printing devices 23 are interfaced to either local Personal Computers 26 or a master host workstation 27 as shown in Fig. 8.
  • a single PSD 22 can support one or more indicium application sources from a master workstation 27. This embodiment is typical of a decentralized office environment where indicium applications occur at different workstations 26. However, only one workstation 27 in the local network loop 33 need have the PSD 22. All work stations 26 have the ability to produce secure indicia.
  • PSD 22 Postal Security Device 22
  • interface (modem) 21 adapted to the workstation 27 to which the PSD 22 is attached which communicates cryptographically with a remote host Data Center 20 which, in turn, provides funds for the PSD through the workstation 27 to which the PSD 22 is attached.
  • the workstation 27 to which the PSD 22 is attached provides its interfaced printer 23 and/or one or more of its interfaced workstations 26 with the indicia representing addressing and postage value information requested by the associated workstation 23 in accordance with indicia context requirements of the regulatory body.
  • the PSD 22 depicted in Fig. 8 may be moved to any other Open or Closed system application interfacing the PSD 22 in a like manner.
  • a Closed System (CS) franking device is interfaced to an Open System (OS) Personal Computer-based system which may take the form of two different embodiments, dependent upon the needs of the customer, as disclosed in Figs. 9A and 9B.
  • CS Closed System
  • OS Open System
  • Such a system provides the ability for a CS, typified in Fig. 2 whose PSD may be internal to the franking device as disclosed in Fig. 2, or external to the franking device, as disclosed in Fig. 1.
  • the Fig. 9A embodiment depicts said franking device interfaced to an external Personal Computer (PC) 26 which requests and receives proof of postage data from the CS franking device 24 for application to a mailpiece being processed through its (the PCs) own dedicated printer 23.
  • PC Personal Computer
  • said PC 24 may be networked to one or more Personal Computers 26 with each of those PCs 26 accessing one or more printers 23.
  • Said printing means relates to any commercially available printing means capable of reproducing the franked image content, makeup and resolution in accordance with regulatory requirements addressing said franked image content, makeup and resolution.
  • the cryptographic content of the printed indicia image contains information unique to that transaction and specific PSD.
  • the PSD 22 via the "dongle" or other adaptive interfacing device which connects to and uses a communications port while still allowing the port to be used by other devices interface may be connected to a device not previously predisposed to accepting installation of said PSD 22.
  • the PSD 22 can be credited with new or additional funds via a modem 21 within or external to the PSDs host.
  • the PSD 22 can be credited with new or additional funds via a communications port (e.g. RS232) on the PSDs host.
  • the host utilizes its internal or external modem to contact a remote central Data Center for downloading of funds to be credited to the PSD 22.
  • the PSD 22 may be removed from its host and connected to the parallel or serial port of a PC 26 with modem communications ability wherein said PC would communicate with a remote central Data Center to download funds into the PSD. The PSD would then be returned to its operational host.
  • the PSD may be connected directly to a PC wherein:
  • a postage metering device obtains a postmark (indicium) data from said PC, operating in a Closed System (CS) environment.
  • CS Closed System
  • a PC software can obtain a postmark (indicium) data from the same PSD in either an OS or CS.
  • a PC can be networked and share a single PSD with associated PCs/workstations in an OS.
  • the postage metering device configured as a Personal Computer (PC) is capable of being networked to one or more PCs to support multiple OS franking workstations.
  • PC Personal Computer

Abstract

A proof-of-postage generating system (22, 24, 25, 26, 27) wherein funds, application of those funds, the replenishment of those funds and the auditing of those funds are secure against attempts at fraud. The system (22, 24, 25, 26, 27) may either be a Closed System (CS) wherein the proof-of-postage printing means (22) are housed within the system computational means (24, 26) or within a cryptographically secure boundary. Further, the system (22, 24, 25, 26, 27) may be an Open System (OS) wherein the proof-of-postage printing means are external to the system computational means (24, 26).

Description

Proof of postage digital franking Technical field
The invention relates generally to postage meters, also called franking machines, and relates more particularly to electronic postage meters printing digital postal indicia.
Background art
Postage meters are well known. The present assignee has been designing and manufacturing postage meters for many, many decades. After these decades of experience, postage meters are extremely reliable and cost has been reduced to a minimum. A typical postage meter prints its postage by means of an intaglio-type metal or strong plastic printing plate or die plate, using specified fluorescent ink_
Most postage meter customers never have reason to call for repair of their postage meters. Postage meters are simple to operate and there is little to go wrong. They have been accepted by nearly all the post offices of the world. Postage meters benefit post offices by reducing the need for retail sales of postage stamps, and by making it easy for postal patrons to adjust to changes in postage rates. Present-day postage meters are able to accommodate mail pieces of varying thickness, and are able to print their indicia even if the surface of the mail piece is uneven.
Nothwithstanding the reliability, low cost, and ease of use of present-day postage meter designs, it has been suggested by some postal authorities that all postage meters presently in use be removed from service and that postage be printed instead by common computer printers using ordinary ink. This means that anyone with an ordinary computer printer can readily generate a plausible-looking postal indicium at any time and in any desired quantity. The only possible approach for reducing fraud, when ordinary computer printers are used, is to incorporate cryptographically secure information into the postal indicium, and to read and verify that information on each and every mail piece. The present invention is~directed to system configurations in which such cryptographically secure information is generated for use in printing such indicia. To be commercially viable, such system configurations must not only satisfy the requirements of the postal authorities, but must also provide user function more or less approximating that of present-day postage meters.
Disclosure of invention
A proof-of-postage generating system wherein funds, application of those funds, the replenishment of those funds and the auditing of those funds are secure against attempts at fraud. The system may either be a Closed System (CS) wherein the pro of-of postage printing means are housed within the system computational means or within a cryptographically secure boundary. Further, the system my be an Open System (OS) wherein the proof-of postage printing means are external to the system computational means.
Brief description of the drawing
The invention will be described with respect to a drawing in several figures, of which:
Fig. 1 is a functional block diagram of a first embodiment of a closed-system type of postage meter,
Fig. 2 is a functional block diagram of a second embodiment of a closed-system type of postage meter;
Fig. 3 is a functional block diagram of a third embodiment of a closed-system type of postage meter;
Fig. 3A is a functional block diagram of a variant of a closed-system type of postage meter; Fig. 4 is a functional block diagram of a first embodiment of an open-system type of postage meter;
Fig. 5 is a functional block diagram of a second embodiment of an open-system type of postage meter;
Fig. 6A is a functional block diagram of a third embodiment of an open-system type of postage meter, with an internally mounted postal security device (PSD);
Fig. 6B is a functional block diagram of a third embodiment of an open-system type of postage meter, with an externally mounted PSD;
Fig. 7A is a functional block diagram of a fourth embodiment of an open-system type of postage meter, with an internally mounted postal security device (PSD);
Fig. 7B is a functional block diagram of a fourth embodiment of an open-system type of postage meter, with an externally mounted PSD;
Fig. 8 is a functional block diagram of a fifth embodiment of an open-system type of postage meter;
Fig. 9A is a functional block diagram of a first embodiment of a hybrid of a closed-system and open-system type of postage meter; and
Fig. 9B is a functional block diagram of a second embodiment of a hybrid of a closed-system and open-system type of postage meter.
Modes for carrying out the invention
A proof-of-postage generating system is described wherein funds, application of those funds, the replenishment of those funds and the auditing of those funds are secure against attempts at fraud. The system may either be a Closed System (CS) wherein the proof-of postage printing means are housed within the system computational means or within a cryptographically secure boundary. Alternatively, the system may be an Open System (OS) wherein the proof-of postage printing means are external to the system computational means.
As will be described in more detail below, what is provided is a Postal Security Device (PSD) within which is housed physically secure, as well cryptographically secure funds and associated accounting registers, said PSD itself being utilized within a dynamic system which provides for the interchange of data between a funds provider source, a computational funds tracking and maintenance source and a printing source. Each embodiment described below, whether an Open System (OS) or Closed System (CS), provides all necessary security against fraudulent attacks against the system. This invention is intended to provide a customers with a number of alternative approaches to optimize the customer's use, tracking, and replenishing of the customer's franking funds within the environment surrounding the dispensing of postal funds for proof-of-payment for the services required. In all cases, the proof-of-postage (postal indicium) is digitally generated data. Said digital data is represented as an image (generally, a printed image) on the mailpiece requiring said proof-of-postage. Said proof-of postage may be represented as a graphical image, human readable information, various bar codes (both 1 - dimensional or 2-dimeπsional codes), OCR characters, etc., or any combination thereof.
The Postal Security Device (PSD) will support methods of applying postage in lieu of the present-day approach, which is typically a self-contained electromechanical or mechanical postage meter which imprints indicia on mailpieces. Described below are a number of system integration designs wherein said PSD is a small element of both large and small systems capable of supporting the needs of both large and small businesses, as well as the private citizen.
The first embodiments set forth herein relate to Closed Systems (CS) which may take the form of three different embodiments, dependent upon the needs of the customer. This CS approach provides a printing means within the franking device or within a cryptographically secure boundary as executed by a vendor. Said franking device is dedicated to the imprinting of proof-of-postage (said proof-of-postage will take the form and aesthetics required by the regulating body) and other related information (at times referred to as audit information and reports). In all cases and embodiments, the cryptographic content of the printed indicia image contains information unique to that transaction and specific PSD.
In the first embodiment of this closed system arrangement, the Postal Security Device (PSD) 22 is attached as a "donglε" (an adaptive interfacing device which connects to and uses a communications port while still allowing the port to be used by other devices) to the self contained franking device 24 (see Figure 1). The cryptographic data content between the PSD 22 and franking device 24 is verified for authenticity (e.g. signature certificate) whereupon the printing mechanism 25 within the franking device 24 delivers the appropriate image to the mailpiece, letter or invoice. Crediting new funds to the PSD is managed by an interface (modem) 21 adapted to the franking device 24 which communicates cryptographically with a host Data Center 20 which provide funds for the PSD through the franking device 24. The communications between the franking device 24 and Data Center 20 or between the franking device 24 and PSD 22 are cryptographically encoded with all transactions being verified by the crypto-code structure and certificate authorization schema as required by the regulating body. Said PSD 22 may be moved from one franking device 24 to another so long as each franking device 24 is authorized/keyed to function with said PSD 22. In all cases the PSD 22 has the ability to account for funds and history as related to the franking device 24 to which it has been attached.
Those skilled in the art will appreciate that the communications channel 31 between the franking device 24 and the data center 20 need not be secure. The channel 31 may be a dialed voice telephone call over the public switched telephone network, with modems at each end of the line. Alternatively, the channel 31 may be an ISDN telephone call, or may be a TCP/IP session placed over any suitable physical medium and underlying protocol, such as frame relay. The communications between the franking device 24 and data center 20 may desirably be carried out as set forth in U.S. Pat. No. 5,237,506, assigned to the same assignee as the assignee of the present invention.
Those skilled in the art will also appreciate that the postal security device 22 contains an accounting register indicative of postage value, and contains cryptographic means, said cryptographic means disposed for secure communications with a remote host 20 for adjustment of the contents of said accounting register, said cryptographic means further disposed for generation of data to be included in said postal indicia, said postal security device 22 disposed to account within said accounting register for postage value provided in said postal indicia and to fail to generate such data when said accounting register satisfies a predetermined condition. In a typical arrangement, the accounting register of the PSD 22 is a descending register, and postal indicia are printed only if the value stored in the descending register is greater than the amount of postage value desired to be printed. In this way the postage printing system employing the PSD 22 mimics the well-known behavior of a present- day postage meter in which the meter refuses to print more postage if it is empty or almost empty.
In the second embodiment of this closed system employment, as shown in Fig. 2, the Postal Security Device (PSD) 22 is internal to the franking device 24 and is disposed to the same security requirements of the first embodiment Crediting new funds to the PSD is managed by an interface (modem) 21 adapted to the franking device 24 which communicates cryptographically with a host Data Center 20 which provide funds for the PSD 22 through the franking device 24. The communications between the franking device 24 and Data Center 20 or between the franking device 24 and PSD 22 are cryptographically encoded with all transactions being verified by the crypto-code structure and certificate authorization schema as required by the regulating body. The communications between the franking device 24 and data center 20 may desirably be carried out as set forth in U.S. Pat. No. 5,237,506, assigned to the same assignee as the assignee of the present invention. Said PSD 22 is not accessible for removal from the franking device 24. Attempts to do so or to modify PSD contents will be met with its fail safe ability to secure itself and its internal registers as required by the regulatory authority.
In the third embodiment of this closed system employment, the Postal Security Device (PSD) 22 is interfaced to a personal computer 26 as is shown in Figure 3
The PSD 22 is credited with funds via communications (typically modem) between the personal computer (PC) 26 and associated Data Center 20. The communications between the PC 26 and Data Center 20 foliow the cryptographic security rules and signature verifications required by the regulatory body. The communications between the PC 26 and data center 20 may desirably be carried out as set forth in U.S. Pat No. 5,237.506, assigned to the same assignee as the assignee of the present invention. Further, the secure communications between the PSD 22 and the remote franking device 24 are likewise assured.
The PC 26 is programmed so that it can receive a request from a user for the printing of postage, and forward information about the request to the PSD 22. The PSD 22 provides cryptographically secured data which will be contained in the postal indicium, and this data is provided eventually to a printer for printing.
In a variant of this closed system, as shown in Fig. 3A at least two closed system printers 24 (each a dedicated printing mechanism 25, preferably in a secure housing) are networked to a Postal Security Device 22. In some prior-art systems the PSD is in the same secure housing as the printing mechanism. Here, a cryptographic boundary 102 is established which contains the PSD and each of the at least two closed system printers 24. Another way to describe this is that the communications channel that networks the PSD and the printers is a channel which passes messages each of which is cryptographically authenticated so as to provide the equivalent of a secure physical housing containing the PSD and the printers. The PSD is desirably in a personal computer, connected by modem 21 via a communications channel 31 to a remote data center 20.
Those skilled in the art will appreciate that it may not be necessary that the passed messages be encrypted. Instead, it may suffice that they are merely cryptographically signed or otherwise cryptographically authenticated.
The printers can be used for any of a number of franking applications, including: mail transporting and franking, a static franking system, a semi-automatic franking system (e.g. insert mailpiece-eject mailpiece), or combinations thereof.
It should be appreciated that the particular cryptographic standards employed in generating the data for the indicium are specified by the postal authorities, and thus that the particular cryptographic standard employed is not critical to the invention. Likewise, the form of indicium (e.g. 1 -D or 2-D bar code and other aspects of layout) are also specified by the postal authorities and thus are not critical to the invention.
The PSD device 22, evident in the first and third embodiments (Figs. 1 and 3), present the opportunity for physically relocating said PSD 22 from a system configuration evidenced in Figure 1 to a different system configuration evidenced in Figure 3, or vice versa. Said PSD 22 has the capability of optionally containing pertinent information regarding the system adaptation to which it is incorporated, including such parametric data as host serial numbers, register readings, and the like. The PSD 22 noted in Figure 3 could be located in or on the Franking Device 24, to wit, the PC 26 would communicate to the Franking Machine's PSD via any PC compatible communications link (e.g. RS232, parallel, etc.).
The Open System (OS) arrangement, which may take the form of five different embodiments, will now be described. The selection of the particular embodiment is determined by the needs of the customer. This employment provides a printing means 23 outside a franking device. Said printing means 23 is any commercially available printing means capable of reproducing the franked image content, makeup and resolution in accordance with regulatory requirements addressing said franked image content, makeup and resolution. In all cases and embodiments, the cryptographic content of the printed indicia image contains information unique to that transaction and specific PSD. In the first embodiment of this open system arrangement, as shown in Fig. 4, the PSD 22 is interfaced to a Personal Computer (PC) 26 communication port. Also interfaced to the same PC 26 is a printer 23 capable of reproducing the franked image content, makeup and resolution in accordance with regulatory requirements.
Crediting new funds to the PSD 22 is managed by an interface (modem) 21 adapted to the PC 26 which communicates cryptographically with a host Data Center 20 which provide funds for the PSD 22 through the PC 26. The communications between the Data Center 20 and PSD 22 are cryptographically encoded with all transactions being verified by the crypto-code structure and certificate authorization schema as required by the regulating body. The communications between the PSD 22 and data center 20 may desirably be carried out as set forth in U.S. Pat. No. 5,237,506, assigned to the same assignee as the assignee of the present invention. Said PSD may be moved from one PC 26 to another. Further, said PSD 22 may be relocated to a Closed System (CS) embodiment such as that set forth in Figs. 1 and 3.
In the second embodiment of an Open System arrangement, the PSD 22 is internally interfaced to a Personal Computer (PC) 26 as is shown in Figure 5. Also interfaced to the same PC 26 is a printer 23 capable of reproducing the franked image content, makeup and resolution in accordance with regulatory requirements.
This embodiment of the Postal Security Device (PSD) 22 is subjected to the same security requirements as are applicable in the first embodiment. Crediting new funds to the PSD 22 is managed by interface (modem) 21 adapted to the PC 26 which communicates cryptographically with a host Data Center 20 which provide funds for the PSD 22 through the PC 26. The communications between the Data Center 20 and PSD 22 are cryptographically encoded with all transactions being verified by the crypto-code structure and certificate authorization schema as required by the regulating body. The communications between the PSD 22 and data center 20 may desirably be carried out as set forth in U.S. Pat. No. 5,237,506, assigned to the same assignee as the assignee of the present invention.
In the third embodiment of an Open System arrangement, the PSD 22 is internally mounted (Figure 6A) or externally interfaced (Figure 6B) to a networked host 27. Networked to the host 27 are one or more Personal Computers (PC) 26. The printing device 23 is interfaced to the host 27, as might be the case in a centralized mailing application. The printer 23 is capable of reproducing the franked image content, makeup and resolution in accordance with regulatory requirements.
This embodiment of the Postal Security Device (PSD) 22 is subjected to the same security requirements as in the other embodiments. Crediting new funds to the PSD 22 is managed by interface (modem) 21 adapted to the Networked host which communicates cryptographically with a host Data Center 20 which provide funds for the PSD 22 through the Networked host 27. The communications between the Data Center 20 and PSD 22 are cryptographically encoded with all transactions being verified by the crypto-code structure and certificate authorization schema as required by the regulating body. The communications between the PSD 22 and data center 20 may desirably be carried out as set forth in U.S. Pat. No. 5,237,506, assigned to the same assignee as the assignee of the present invention.
The Networked host 27 provides its interfaced printer 23 with the indicia representing addressing and postage value information requested by the local PCs 26 in accordance with indicia context requirements of the regulatory body. The PSD 22 depicted in Fig. 6B may be moved to any other Open or Closed system application interfacing the PSD 22 in a like manner.
In the fourth embodiment of an Open System arrangement, the printing devices 23 are interfaced to local Personal Computers 26, rather than to a Networked host 27. Figs. 7A and 7B present the described configuration. Fig. 7A defines the Networked host 27 with its PSD 22 internally mounted while Figure 7B shows the PSD 22 externally interfaced to the Networked host 27. However, the PSD 22 depicted in Fig. 7B may be moved to any other Open or Closed system application interfacing the PSD 22 in a like manner.
In a fifth embodiment of an Open System arrangmεnt, the printing devices 23 are interfaced to either local Personal Computers 26 or a master host workstation 27 as shown in Fig. 8. A single PSD 22 can support one or more indicium application sources from a master workstation 27. This embodiment is typical of a decentralized office environment where indicium applications occur at different workstations 26. However, only one workstation 27 in the local network loop 33 need have the PSD 22. All work stations 26 have the ability to produce secure indicia.
This embodiment of the Postal Security Device (PSD) 22 is subjected to the same security requirements as in the previously described embodiments. Crediting new funds to the PSD 22 is managed by interface (modem) 21 adapted to the workstation 27 to which the PSD 22 is attached which communicates cryptographically with a remote host Data Center 20 which, in turn, provides funds for the PSD through the workstation 27 to which the PSD 22 is attached. The workstation 27 to which the PSD 22 is attached provides its interfaced printer 23 and/or one or more of its interfaced workstations 26 with the indicia representing addressing and postage value information requested by the associated workstation 23 in accordance with indicia context requirements of the regulatory body. The PSD 22 depicted in Fig. 8 may be moved to any other Open or Closed system application interfacing the PSD 22 in a like manner.
Finally, hybrid systems may be employed in which a Closed System (CS) franking device is interfaced to an Open System (OS) Personal Computer-based system which may take the form of two different embodiments, dependent upon the needs of the customer, as disclosed in Figs. 9A and 9B. Such a system provides the ability for a CS, typified in Fig. 2 whose PSD may be internal to the franking device as disclosed in Fig. 2, or external to the franking device, as disclosed in Fig. 1. The Fig. 9A embodiment depicts said franking device interfaced to an external Personal Computer (PC) 26 which requests and receives proof of postage data from the CS franking device 24 for application to a mailpiece being processed through its (the PCs) own dedicated printer 23.
Alternately as shown in Fig. 9B, said PC 24 may be networked to one or more Personal Computers 26 with each of those PCs 26 accessing one or more printers 23. Said printing means relates to any commercially available printing means capable of reproducing the franked image content, makeup and resolution in accordance with regulatory requirements addressing said franked image content, makeup and resolution. In each embodiments, the cryptographic content of the printed indicia image contains information unique to that transaction and specific PSD.
In summary, the following have been disclosed:
•The PSD 22 via the "dongle" or other adaptive interfacing device which connects to and uses a communications port while still allowing the port to be used by other devices interface may be connected to a device not previously predisposed to accepting installation of said PSD 22.
•The PSD 22 can be credited with new or additional funds via a modem 21 within or external to the PSDs host.
•The PSD 22 can be credited with new or additional funds via a communications port (e.g. RS232) on the PSDs host. The host, in turn, utilizes its internal or external modem to contact a remote central Data Center for downloading of funds to be credited to the PSD 22.
•The PSD 22 may be removed from its host and connected to the parallel or serial port of a PC 26 with modem communications ability wherein said PC would communicate with a remote central Data Center to download funds into the PSD. The PSD would then be returned to its operational host.
•The PSD may be connected directly to a PC wherein:
- A postage metering device obtains a postmark (indicium) data from said PC, operating in a Closed System (CS) environment.
- A PC software can obtain a postmark (indicium) data from the same PSD in either an OS or CS.
- A PC can be networked and share a single PSD with associated PCs/workstations in an OS.
•While a PSD is connected to a postage metering device it is able to:
- Output postmarks (indicium) data to a PC connected to the postage metering device's communication port (e.g. RS232) when operating in an Open System (OS) franking environment.
- The postage metering device configured as a Personal Computer (PC) is capable of being networked to one or more PCs to support multiple OS franking workstations.
While the invention has been described with respect to particular embodiments and figures, it should be understood that the invention is not limited to those particular embodiments and figures. Indeed, those skilled in the art will readily identify numerous obvious variations of the invention, all of which are within the invention, as defined by the claims that follow.

Claims

1. A system for printing postal indicia, the system comprising:
at least two printers, each printer comprising a printing means within a first physically secure housing, said physically secure housing containing first cryptographic means;
a postal security device, said device comprising an accounting register indicative of postage value, said accounting register within a second physically secure housing, said physically secure housing containing second cryptographic means;
a first communications channel communicatively coupling said first and second cryptographic means, said first communications channel being nonsecure, said first and second cryptographic means disposed relative to each other to define a cryptographic boundary containing said first and second physically secure housings;
said second cryptographic means disposed for secure communications with a remote host for adjustment of the contents of said accounting register, said second cryptographic means further disposed for generation of data to be included in said postal indicia, said postal security device disposed to account within said accounting means for postage value provided in said postal indicia and to fail to generate such data when said accounting register is in predetermined relationship with an amount of postage value to be printed;
each of said printers responsive to requests from respective users for the printing of postal indicia, and to receive generated data from the postal security device responsive to the requests, and to print postal indicia within which the generated data is provided.
2. The system of claim 1 wherein the postal security device and printers are communicatively coupled via a local-area network.
3. The system of claim 1 wherein the postal security device and printers are communicatively coupled via TCP/IP.
EP00991003A 1999-11-12 2000-11-13 Proof of postage digital franking Withdrawn EP1240624A4 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US43881099A 1999-11-12 1999-11-12
US438810 1999-11-12
PCT/US2000/042109 WO2001035343A2 (en) 1999-11-12 2000-11-13 Proof of postage digital franking

Publications (2)

Publication Number Publication Date
EP1240624A2 true EP1240624A2 (en) 2002-09-18
EP1240624A4 EP1240624A4 (en) 2004-04-28

Family

ID=23742109

Family Applications (1)

Application Number Title Priority Date Filing Date
EP00991003A Withdrawn EP1240624A4 (en) 1999-11-12 2000-11-13 Proof of postage digital franking

Country Status (4)

Country Link
EP (1) EP1240624A4 (en)
AU (1) AU3080801A (en)
CA (1) CA2391018A1 (en)
WO (1) WO2001035343A2 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0522809A2 (en) * 1991-07-08 1993-01-13 Neopost Limited Franking machine with digital printer
WO1998013790A1 (en) * 1996-09-24 1998-04-02 Ascom Hasler Mailing Systems Inc. Proof of postage digital franking
EP0927962A2 (en) * 1997-12-18 1999-07-07 Pitney Bowes Inc. Postage metering system and method for a single vault dispensing postage to a plurality of printers

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2173741B (en) * 1985-04-17 1989-07-05 Pitney Bowes Inc Unsecured postage applying system and method
US4813912A (en) * 1986-09-02 1989-03-21 Pitney Bowes Inc. Secured printer for a value printing system
US5812991A (en) * 1994-01-03 1998-09-22 E-Stamp Corporation System and method for retrieving postage credit contained within a portable memory over a computer network
US5583779A (en) * 1994-12-22 1996-12-10 Pitney Bowes Inc. Method for preventing monitoring of data remotely sent from a metering accounting vault to digital printer
US5606613A (en) * 1994-12-22 1997-02-25 Pitney Bowes Inc. Method for identifying a metering accounting vault to digital printer
US5684949A (en) * 1995-10-13 1997-11-04 Pitney Bowes Inc. Method and system for securing operation of a printing module
US5696829A (en) * 1995-11-21 1997-12-09 Pitney Bowes, Inc. Digital postage meter system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0522809A2 (en) * 1991-07-08 1993-01-13 Neopost Limited Franking machine with digital printer
WO1998013790A1 (en) * 1996-09-24 1998-04-02 Ascom Hasler Mailing Systems Inc. Proof of postage digital franking
EP0927962A2 (en) * 1997-12-18 1999-07-07 Pitney Bowes Inc. Postage metering system and method for a single vault dispensing postage to a plurality of printers

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of WO0135343A2 *

Also Published As

Publication number Publication date
EP1240624A4 (en) 2004-04-28
WO2001035343A3 (en) 2002-01-10
AU3080801A (en) 2001-06-06
WO2001035343A2 (en) 2001-05-17
CA2391018A1 (en) 2001-05-17

Similar Documents

Publication Publication Date Title
US6009417A (en) Proof of postage digital franking
CA2256277C (en) Multiple registered postage meter
CA2256183C (en) Method for removing funds from a postal security device
CA2263437C (en) Virtual postage metering system
CA2256671C (en) Postage metering system and method for a single vault dispensing postage to a plurality of printers
CA2224672C (en) System and method for providing an additional cryptography layer for postage meter refills
CA2266517A1 (en) System and method for retrieving postage credit over a network
US7203666B1 (en) Virtual postage metering system
WO2001035343A2 (en) Proof of postage digital franking
EP1254433A2 (en) Proof of postage digital franking

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20020710

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

A4 Supplementary search report drawn up and despatched

Effective date: 20040316

RIC1 Information provided on ipc code assigned before grant

Ipc: 7G 07B 17/00 A

17Q First examination report despatched

Effective date: 20040602

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20040713