In this information age, use of computers to process, transfer, and store data is ubiquitous. To prevent tampering or unauthorized use of the data which contains vital information, cryptographic technology has been developed.
Well-known cryptographic methods for maintaining secrecy of data communications include a data encryption standard (DES) method. For details on the DES method, one may refer to: M. Smid et al., “The Data Encryption Standard: Past and Future,” Proceedings of the IEEE, Vol. 76, No. 5, May 1988. This method requires a DES algorithm, and a secret key known only to the sender and recipient of the data. The DES algorithm involves a number of iterations of a simple transformation of the data using the key. In each transformation, transposition and substitution techniques are alternately applied to the data.
Also well-known is the RSA cryptographic method, named after its developers, Rivest, Shamir and Adleman. For details on the RSA method, one may refer to: R. Rivest et al., “A Method for Obtaining Digital Signatures and Public Key Cryptosystems,” Communications of the ACM, Vol. 21, No. 2, Feb. 1978. The RSA method involves a public key algorithm which uses a private key and a public key for data encryption. Unlike a private key, a public key can be published and made known to the public. The keys for the RSA algorithm are generated mathematically, and are computational inverses to each other. The success of the RSA method depends on the use of very large numbers for the keys.
In addition to providing encryption of a data message, some cryptographic methods can also be used to authenticate the message. For example, public key encryption algorithms such as the aforementioned RSA algorithm can be used to produce a “digital signature” for verifying the origin of the message and the identity of the sender. Another algorithm known as the “Digital Signature Algorithm (DSA)” can be used for that purpose as well. A digital signature is distinct for each data transaction. When a message is encrypted at the sender's end, the sender uses his/her private key to digitally sign the message. When the message is decrypted at the recipient's end, the recipient uses the sender's public key to verify the digital signature. If any alteration in either signature or message occurs, the signature does not verify.
Another well-known method for verifying the authenticity of a data message is based on the idea of arbitrated authentication. In accordance with this method, a third-party certification authority (sometimes called a “digital notary”) certifies an individual's or entity's public key so that the authority authenticating the digital signature is assured that the public key used to verify the message contents is truly associated with the sender.
Because of the ubiquitous presence of computers (in particular, personal computers (PCs)), prior art has suggested use of a general purpose computer, in lieu of a specialized postage meter, to print postage indicia serving as a proof of postage on mail pieces. To deter printing of unauthorized postage, the postage indicium applied on a mail piece includes postal data which is digitally signed, and thereby can be authenticated by a postal authority when the mail piece is processed. To facilitate the mail processing, the indicium is generated in the form of a bar-code readable by a scanner.