Proof of postage digital franking
Technical field
The invention relates generally to postage meters, also called franking machines, and relates more particularly to electronic postage meters printing digital postal indicia.
Background art
Postage meters are well known. The present assignee has been designing and manufacturing postage meters for many, many decades. After these decades of experience, postage meters are extremely reliable and cost has been reduced to a minimum. A typical postage meter prints its postage by means of an intaglio-type metal or strong plastic printing plate or die plate, using specified fluorescent ink.
Most postage meter customers never have reason to call for repair of their postage meters. Postage meters are simple to operate and there is little to go wrong. They have been accepted by nearly all the post offices of the world. Postage meters benefit post offices by reducing the need for retail sales of postage stamps, and by making it easy for postal patrons to adjust to changes in postage rates. Present-day postage meters are able to accommodate mail pieces of varying thickness, and are able to print their indicia even if the surface of the mail piece is uneven.
Notwithstanding the reliability, low cost, and ease of use of present-day postage meter designs, it has been suggested by some postal authorities that all postage meters presently in use be removed from service and that postage be printed instead by common computer printers using ordinary ink. This means that anyone with an ordinary computer printer can readily generate a plausible-looking postal indicium at any time and in any desired quantity. The only possible approach for reducing fraud, when ordinary computer printers are used, is to incorporate cryptographically secure information into the postal indicium, and to read and verify that information on each and every mail piece. The present invention is directed to system configurations in which such cryptographically secure information is generated for use in printing such indicia. To be commercially viable, such system configurations must not only satisfy the requirements of the postal authorities, but must also provide user function more or less approximating that of present-day postage meters.
Disclosure of invention
A proof-of-postage generating system wherein funds, application of those funds, the replenishment of those funds and the auditing of those funds are secure against attempts at fraud. The system may either be a Closed System (CS) wherein the proof-of-postage printing means are housed within the system computational means or within a cryptographically secure boundary. Further, the system may be an Open System (OS) wherein the proof-of-postage printing means are external to the system computational means.
Brief description of the drawing
The invention will be described with respect to a drawing in several figures, of which:
Fig. 1 is a functional block diagram of a first embodiment of a closed-system type of postage meter,
Fig. 2 is a functional block diagram of a second embodiment of a closed-system type of postage meter;
Fig. 3 is a functional block diagram of a third embodiment of a closed-system type of postage meter;
Fig. 3A is a functional block diagram of a variant of a closed-system type of postage meter;
Fig. 4 is a functional block diagram of a first embodiment of an open-system type of postage meter;
Fig. 5 is a functional block diagram of a second embodiment of an open-system type of postage meter;
Fig. 6A is a functional block diagram of a third embodiment of an open-system type of postage meter, with an internally mounted postal security device (PSD);
Fig. 6B is a functional block diagram of a third embodiment of an open-system type of postage meter, with an externally mounted PSD;
Fig. 7A is a functional block diagram of a fourth embodiment of an open-system type of postage meter, with an internally mounted postal security device (PSD);
Fig. 7B is a functional block diagram of a fourth embodiment of an open-system type of postage meter, with an externally mounted PSD;
Fig. 8 is a functional block diagram of a fifth embodiment of an open-system type of postage meter;
Fig. 9A is a functional block diagram of a first embodiment of a hybrid of a closed-system and open-system type of postage meter; and
Fig. 9B is a functional block diagram of a second embodiment of a hybrid of a closed-system and open-system type of postage meter.
Modes for carrying out the invention
A proof-of-postage generating system is described wherein funds, application of those funds, the replenishment of those funds and the auditing of those funds are secure against attempts at fraud. The system may either be a Closed System (CS) wherein the proof-of-postage printing means are housed within the system computational means or within a cryptographically secure boundary. Alternatively, the system may be an Open System (OS) wherein the proof-of-postage printing means are external to the system computational means.
As will be described in more detail below, what is provided is a Postal Security Device (PSD) within which is housed physically secure, as well as cryptographically secure, funds and associated accounting registers, said PSD itself being utilized within a dynamic system which provides for the interchange of data between a funds provider source, a computational funds tracking and maintenance source and a printing source. Each embodiment described below, whether an Open System (OS) or Closed System (CS), provides all necessary security against fraudulent attacks against the system. This invention is intended to provide customers with a number of alternative approaches to optimize the customer's use, tracking, and replenishing of the customer's franking funds within the environment surrounding the dispensing of postal funds for proof-of-payment for the services required. In all cases, the proof-of-postage (postal indicium) is digitally generated data. Said digital data is represented as an image (generally, a printed image) on the mailpiece requiring said proof-of-postage. Said proof-of-postage may be represented as a graphical image, human readable information, various bar codes (both 1-dimensional or 2-dimensional codes), OCR characters, etc., or any combination thereof.
The Postal Security Device (PSD) will support methods of applying postage in lieu of the present-day approach, which is typically a self-contained electromechanical or mechanical postage meter which imprints indicia on mailpieces. Described below are a number of system integration designs wherein said PSD is a small element of both large and small systems capable of supporting the needs of both large and small businesses, as well as the private citizen.
The first embodiments set forth herein relate to Closed Systems (CS) which may take the form of three different embodiments, dependent upon the needs of the customer. This CS approach provides a printing means within the franking device or within a cryptographically secure boundary as executed by a vendor. Said franking device is dedicated to the imprinting of proof-of-postage (said proof-of-postage will take the form and aesthetics required by the regulating body) and other related information (at times referred to as audit information and reports). In all cases and embodiments, the cryptographic content of the printed indicia image contains information unique to that transaction and specific PSD.
In the first embodiment of this closed system arrangement, the Postal Security Device (PSD) 22 is attached as a "dongle" (an adaptive interfacing device which connects to and uses a communications port while still allowing the port to be used by other devices) to the self-contained franking device 24 (see Figure 1). The cryptographic data content between the PSD 22 and franking device 24 is verified for authenticity (e.g. signature certificate) whereupon the printing mechanism 25 within the franking device 24 delivers the appropriate image to the mailpiece, letter or invoice. Crediting new funds to the PSD is managed by an interface (modem) 21 adapted to the franking device 24 which communicates cryptographically with a host Data Center 20 which provides funds for the PSD through the franking device 24. The communications between the franking device 24 and Data Center 20 or between the franking device 24 and PSD 22 are cryptographically encoded with all transactions being verified by the crypto-code structure and certificate authorization schema as required by the regulating body. Said PSD 22 may be moved from one franking device 24 to another so long as each franking device 24 is authorized/keyed to function with said PSD 22. In all cases the PSD 22 has the ability to account for funds and history as related to the franking device 24 to which it has been attached.
Those skilled in the art will appreciate that the communications channel 31 between the franking device 24 and the data center 20 need not be secure. The channel 31 may be a dialed voice telephone call over the public switched telephone network, with modems at each end of the line. Alternatively, the channel 31 may be an ISDN telephone call, or may be a TCP/IP session placed over any suitable physical medium and underlying protocol, such as frame relay. The communications between the franking device 24 and data center 20 may desirably be carried out as set forth in U.S. Pat. No. 5,237,506, assigned to the same assignee as the assignee of the present invention.
Those skilled in the art will also appreciate that the postal security device 22 contains an accounting register indicative of postage value, and contains cryptographic means, said cryptographic means disposed for secure communications with a remote host 20 for adjustment of the contents of said accounting register, said cryptographic means further disposed for generation of data to be included in said postal indicia, said postal security device 22 disposed to account within said accounting register for postage value provided in said postal indicia and to fail to generate such data when said accounting register satisfies a predetermined condition. In a typical arrangement, the accounting register of the PSD 22 is a descending register, and postal indicia are printed only if the value stored in the descending register is greater than the amount of postage value desired to be printed. In this way the postage printing system employing the PSD 22 mimics the well-known behavior of a present-day postage meter in which the meter refuses to print more postage if it is empty or almost empty.
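An added example (not from the patent or its assignee) of the accounting behaviour described above: a toy PSD whose descending register gates the release of authenticated indicium data, with refills authenticated over an untrusted channel. HMAC-SHA256, the shared keys, the field layout, the duplicate check on the verifying side and all names are assumptions; the page leaves the cryptographic standard to the postal authorities.

```python
import hashlib
import hmac
import struct

# Assumption: HMAC-SHA256 stands in for the scheme a postal authority would
# specify; keys, field layout and names below are constructed for this example.
REFILL_FMT = ">IIQ"       # psd_id, refill sequence, amount in cents
INDICIUM_FMT = ">IIQ8s"   # psd_id, piece count, amount in cents, YYYYMMDD

def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

class InsufficientFunds(Exception):
    """The descending register does not exceed the requested postage."""

class PSD:
    def __init__(self, psd_id: int, indicium_key: bytes, refill_key: bytes):
        self.psd_id = psd_id
        self._indicium_key = indicium_key  # shared with the mail verifier
        self._refill_key = refill_key      # shared with the data center
        self.descending = 0                # funds remaining
        self.piece_count = 0               # makes each indicium unique
        self.refill_seq = 0                # last refill accepted

    def credit(self, seq: int, amount: int, tag: bytes) -> None:
        """Apply a refill that arrived over a channel assumed to be hostile."""
        msg = struct.pack(REFILL_FMT, self.psd_id, seq, amount)
        if not hmac.compare_digest(tag, _mac(self._refill_key, msg)):
            raise ValueError("refill failed authentication")
        if seq != self.refill_seq + 1:
            raise ValueError("refill replayed or out of order")
        self.refill_seq = seq
        self.descending += amount

    def issue(self, amount: int, date: str) -> bytes:
        """Debit first, then release the data to be printed."""
        # The page's rule: print only if the register is greater than the amount.
        if amount <= 0 or not self.descending > amount:
            raise InsufficientFunds(amount)
        self.descending -= amount
        self.piece_count += 1
        body = struct.pack(INDICIUM_FMT, self.psd_id, self.piece_count,
                           amount, date.encode())
        return body + _mac(self._indicium_key, body)

def sign_refill(refill_key: bytes, psd_id: int, seq: int, amount: int) -> bytes:
    """Data-center side: authenticate one refill for one PSD."""
    return _mac(refill_key, struct.pack(REFILL_FMT, psd_id, seq, amount))

def verify_indicium(indicium_key: bytes, data: bytes, seen: set) -> str:
    """Mail-stream side: check the tag, then reject a copied indicium."""
    body, tag = data[:-32], data[-32:]
    if not hmac.compare_digest(tag, _mac(indicium_key, body)):
        return "forged"
    psd_id, count, _amount, _date = struct.unpack(INDICIUM_FMT, body)
    if (psd_id, count) in seen:
        return "duplicate"
    seen.add((psd_id, count))
    return "ok"

def demo():
    ik, rk = b"constructed-indicium-key", b"constructed-refill-key"
    psd, seen = PSD(22, ik, rk), set()
    psd.credit(1, 100, sign_refill(rk, 22, 1, 100))
    first = psd.issue(55, "20240131")      # constructed date
    altered = first[:15] + bytes([first[15] ^ 1]) + first[16:]  # amount changed
    results = [verify_indicium(ik, d, seen) for d in (first, first, altered)]
    try:
        psd.issue(45, "20240131")          # balance is exactly 45: refused
    except InsufficientFunds:
        results.append("refused")
    return results, psd.descending
```

Because the register is debited before the authenticated data leaves the device, a host that drops or reprints the output can waste postage but cannot obtain a second valid indicium for the same funds.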
In the second embodiment of this closed system employment, as shown in Fig. 2, the Postal Security Device (PSD) 22 is internal to the franking device 24 and is disposed to the same security requirements of the first embodiment. Crediting new funds to the PSD is managed by an interface (modem) 21 adapted to the franking device 24 which communicates cryptographically with a host Data Center 20 which provides funds for the PSD 22 through the franking device 24. The communications between the franking device 24 and Data Center 20 or between the franking device 24 and PSD 22 are cryptographically encoded with all transactions being verified by the crypto-code structure and certificate authorization schema as required by the regulating body. The communications between the franking device 24 and data center 20 may desirably be carried out as set forth in U.S. Pat. No. 5,237,506, assigned to the same assignee as the assignee of the present invention. Said PSD 22 is not accessible for removal from the franking device 24. Attempts to do so or to modify PSD contents will be met with its fail safe ability to secure itself and its internal registers as required by the regulatory authority.
In the third embodiment of this closed system employment, the Postal Security Device (PSD) 22 is interfaced to a personal computer 26 as is shown in Figure 3. The PSD 22 is credited with funds via communications (typically modem) between the personal computer (PC) 26 and associated Data Center 20. The communications between the PC 26 and Data Center 20 follow the cryptographic security rules and signature verifications required by the regulatory body. The communications between the PC 26 and data center 20 may desirably be carried out as set forth in U.S. Pat. No. 5,237,506, assigned to the same assignee as the assignee of the present invention. Further, the secure communications between the PSD 22 and the remote franking device 24 are likewise assured.
The PC 26 is programmed so that it can receive a request from a user for the printing of postage, and forward information about the request to the PSD 22. The PSD 22 provides cryptographically secured data which will be contained in the postal indicium, and this data is provided eventually to a printer for printing.
In a variant of this closed system, as shown in Fig. 3A, at least two closed system printers 24 (each a dedicated printing mechanism 25, preferably in a secure housing) are networked to a Postal Security Device 22. In some prior-art systems the PSD is in the same secure housing as the printing mechanism. Here, a cryptographic boundary 102 is established which contains the PSD and each of the at least two closed system printers 24. Another way to describe this is that the communications channel that networks the PSD and the printers is a channel which passes messages each of which is cryptographically authenticated so as to provide the equivalent of a secure physical housing containing the PSD and the printers. The PSD is desirably in a personal computer, connected by modem 21 via a communications channel 31 to a remote data center 20.
Those skilled in the art will appreciate that it may not be necessary that the passed messages be encrypted. Instead, it may suffice that they are merely cryptographically signed or otherwise cryptographically authenticated.
The printers can be used for any of a number of franking applications, including: mail transporting and franking, a static franking system, a semi-automatic franking system (e.g. insert mailpiece-eject mailpiece), or combinations thereof.
It should be appreciated that the particular cryptographic standards employed in generating the data for the indicium are specified by the postal authorities, and thus that the particular cryptographic standard employed is not critical to the invention. Likewise, the form of indicium (e.g. 1-D or 2-D bar code and other aspects of layout) is also specified by the postal authorities and thus is not critical to the invention.
The PSD device 22, evident in the first and third embodiments (Figs. 1 and 3), presents the opportunity for physically relocating said PSD 22 from a system configuration evidenced in Figure 1 to a different system configuration evidenced in Figure 3, or vice versa. Said PSD 22 has the capability of optionally containing pertinent information regarding the system adaptation to which it is incorporated, including such parametric data as host serial numbers, register readings, and the like. The PSD 22 noted in Figure 3 could be located in or on the Franking Device 24, to wit, the PC 26 would communicate to the Franking Machine's PSD via any PC compatible communications link (e.g. RS232, parallel, etc.).
The Open System (OS) arrangement, which may take the form of five different embodiments, will now be described. The selection of the particular embodiment is determined by the needs of the customer. This employment provides a printing means 23 outside a franking device. Said printing means 23 is any commercially available printing means capable of reproducing the franked image content, makeup and resolution in accordance with regulatory requirements addressing said franked image content, makeup and resolution. In all cases and embodiments, the cryptographic content of the printed indicia image contains information unique to that transaction and specific PSD.
In the first embodiment of this open system arrangement, as shown in Fig. 4, the PSD 22 is interfaced to a Personal Computer (PC) 26 communication port. Also interfaced to the same PC 26 is a printer 23 capable of reproducing the franked image content, makeup and resolution in accordance with regulatory requirements.
Crediting new funds to the PSD 22 is managed by an interface (modem) 21 adapted to the PC 26 which communicates cryptographically with a host Data Center 20 which provides funds for the PSD 22 through the PC 26. The communications between the Data Center 20 and PSD 22 are cryptographically encoded with all transactions being verified by the crypto-code structure and certificate authorization schema as required by the regulating body. The communications between the PSD 22 and data center 20 may desirably be carried out as set forth in U.S. Pat. No. 5,237,506, assigned to the same assignee as the assignee of the present invention. Said PSD may be moved from one PC 26 to another. Further, said PSD 22 may be relocated to a Closed System (CS) embodiment such as that set forth in Figs. 1 and 3.
In the second embodiment of an Open System arrangement, the PSD 22 is internally interfaced to a Personal Computer (PC) 26 as is shown in Figure 5. Also interfaced to the same PC 26 is a printer 23 capable of reproducing the franked image content, makeup and resolution in accordance with regulatory requirements.
This embodiment of the Postal Security Device (PSD) 22 is subjected to the same security requirements as are applicable in the first embodiment. Crediting new funds to the PSD 22 is managed by interface (modem) 21 adapted to the PC 26 which communicates cryptographically with a host Data Center 20 which provides funds for the PSD 22 through the PC 26. The communications between the Data Center 20 and PSD 22 are cryptographically encoded with all transactions being verified by the crypto-code structure and certificate authorization schema as required by the regulating body. The communications between the PSD 22 and data center 20 may desirably be carried out as set forth in U.S. Pat. No. 5,237,506, assigned to the same assignee as the assignee of the present invention.
In the third embodiment of an Open System arrangement, the PSD 22 is internally mounted (Figure 6A) or externally interfaced (Figure 6B) to a networked host 27. Networked to the host 27 are one or more Personal Computers (PC) 26. The printing device 23 is interfaced to the host 27, as might be the case in a centralized mailing application. The printer 23 is capable of reproducing the franked image content, makeup and resolution in accordance with regulatory requirements.
This embodiment of the Postal Security Device (PSD) 22 is subjected to the same security requirements as in the other embodiments. Crediting new funds to the PSD 22 is managed by interface (modem) 21 adapted to the Networked host which communicates cryptographically with a host Data Center 20 which provides funds for the PSD 22 through the Networked host 27. The communications between the Data Center 20 and PSD 22 are cryptographically encoded with all transactions being verified by the crypto-code structure and certificate authorization schema as required by the regulating body. The communications between the PSD 22 and data center 20 may desirably be carried out as set forth in U.S. Pat. No. 5,237,506, assigned to the same assignee as the assignee of the present invention.
The Networked host 27 provides its interfaced printer 23 with the indicia representing addressing and postage value information requested by the local PCs 26 in accordance with indicia context requirements of the regulatory body. The PSD 22 depicted in Fig. 6B may be moved to any other Open or Closed system application interfacing the PSD 22 in a like manner.
In the fourth embodiment of an Open System arrangement, the printing devices 23 are interfaced to local Personal Computers 26, rather than to a Networked host 27. Figs. 7A and 7B present the described configuration. Fig. 7A defines the Networked host 27 with its PSD 22 internally mounted while Figure 7B shows the PSD 22 externally interfaced to the Networked host 27. However, the PSD 22 depicted in Fig. 7B may be moved to any other Open or Closed system application interfacing the PSD 22 in a like manner.
In a fifth embodiment of an Open System arrangement, the printing devices 23 are interfaced to either local Personal Computers 26 or a master host workstation 27 as shown in Fig. 8. A single PSD 22 can support one or more indicium application sources from a master workstation 27. This embodiment is typical of a decentralized office environment where indicium applications occur at different workstations 26. However, only one workstation 27 in the local network loop 33 need have the PSD 22. All work stations 26 have the ability to produce secure indicia.
This embodiment of the Postal Security Device (PSD) 22 is subjected to the same security requirements as in the previously described embodiments. Crediting new funds to the PSD 22 is managed by interface (modem) 21 adapted to the workstation 27 to which the PSD 22 is attached which communicates cryptographically with a remote host Data Center 20 which, in turn, provides funds for the PSD through the workstation 27 to which the PSD 22 is attached. The workstation 27 to which the PSD 22 is attached provides its interfaced printer 23 and/or one or more of its interfaced workstations 26 with the indicia representing addressing and postage value information requested by the associated workstation 23 in accordance with indicia context requirements of the regulatory body. The PSD 22 depicted in Fig. 8 may be moved to any other Open or Closed system application interfacing the PSD 22 in a like manner.
Finally, hybrid systems may be employed in which a Closed System (CS) franking device is interfaced to an Open System (OS) Personal Computer-based system which may take the form of two different embodiments, dependent upon the needs of the customer, as disclosed in Figs. 9A and 9B. Such a system provides the ability for a CS, typified in Fig. 2 whose PSD may be internal to the franking device as disclosed in Fig. 2, or external to the franking device, as disclosed in Fig. 1. The Fig. 9A embodiment depicts said franking device interfaced to an external Personal Computer (PC) 26 which requests and receives proof of postage data from the CS franking device 24 for application to a mailpiece being processed through its (the PC's) own dedicated printer 23.
Alternately, as shown in Fig. 9B, said PC 24 may be networked to one or more Personal Computers 26 with each of those PCs 26 accessing one or more printers 23. Said printing means relates to any commercially available printing means capable of reproducing the franked image content, makeup and resolution in accordance with regulatory requirements addressing said franked image content, makeup and resolution. In each embodiment, the cryptographic content of the printed indicia image contains information unique to that transaction and specific PSD.
In summary, the following have been disclosed:
• The PSD 22, via the "dongle" or other adaptive interfacing device (which connects to and uses a communications port while still allowing the port to be used by other devices), may be connected to a device not previously predisposed to accepting installation of said PSD 22.
• The PSD 22 can be credited with new or additional funds via a modem 21 within or external to the PSD's host.
• The PSD 22 can be credited with new or additional funds via a communications port (e.g. RS232) on the PSD's host. The host, in turn, utilizes its internal or external modem to contact a remote central Data Center for downloading of funds to be credited to the PSD 22.
• The PSD 22 may be removed from its host and connected to the parallel or serial port of a PC 26 with modem communications ability wherein said PC would communicate with a remote central Data Center to download funds into the PSD. The PSD would then be returned to its operational host.
• The PSD may be connected directly to a PC wherein:
- A postage metering device obtains postmark (indicium) data from said PC, operating in a Closed System (CS) environment.
- PC software can obtain postmark (indicium) data from the same PSD in either an OS or CS.
- A PC can be networked and share a single PSD with associated PCs/workstations in an OS.
• While a PSD is connected to a postage metering device it is able to:
- Output postmark (indicium) data to a PC connected to the postage metering device's communication port (e.g. RS232) when operating in an Open System (OS) franking environment.
- The postage metering device configured as a Personal Computer (PC) is capable of being networked to one or more PCs to support multiple OS franking workstations.
While the invention has been described with respect to particular embodiments and figures, it should be understood that the invention is not limited to those particular embodiments and figures. Indeed, those skilled in the art will readily identify numerous obvious variations of the invention, all of which are within the invention, as defined by the claims that follow.