The invention disclosed herein relates generally to systems and methods for evidencing postage payment, and more particularly to systems and methods for evidencing postage payment using a personal computer.
Postage metering systems have been developed which employ encrypted information that is printed on a mailpiece as part of an indicium evidencing postage payment. The encrypted information includes a postage value for the mailpiece combined with other postal data that relate to the mailpiece and the postage meter printing the indicium. The encrypted information, typically referred to as a digital token or a digital signature, authenticates and protects the integrity of information, including the postage value, imprinted on the mailpiece for later verification of postage payment. Since the digital token incorporates encrypted information relating to the evidencing of postage payment, altering the printed information in an indicium is detectable by standard verification procedures. Examples of systems that generate and print such indicium are described in U.S. Pat. Nos. 4,725,718, 4,757,537, 4,775,246 and 4,873,645, each assigned to the assignee of the present invention.
Presently, there are two postage metering device types: closed system and open system. In a closed system, the system functionality is solely dedicated to metering activity. Examples of closed system metering devices, also referred to as postage evidencing devices, include conventional digital and analog (mechanical and electronic) postage meters wherein a dedicated printer is securely coupled to a metering or accounting function. Typically, in a closed system, the printer is securely coupled and dedicated to the meter, and printing evidence of postage cannot take place without accounting for the evidence of postage. In an open system, the printer is not dedicated to the metering activity, freeing system functionality for multiple and diverse uses in addition to the metering activity. Examples of open system metering devices include personal computer (PC) based devices with single/multi-tasking operating systems, multi-user applications and digital printers. An open system metering device is a postage evidencing device with a non-dedicated printer that is not securely coupled to a secure accounting module. An open system indicium printed by the non-dedicated printer is made secure by including addressee information in the encrypted evidence of postage printed on the mailpiece for subsequent verification. See U.S. Pat. Nos. 4,725,718 and 4,831,555, each assigned to the assignee of the present invention.
Recently, the United States Postal Service (xe2x80x9cUSPSxe2x80x9d) has approved personal computer (PC) postage metering systems as part of the USPS Information-Based Indicia Program (xe2x80x9cIBIPxe2x80x9d). The IBIP is a distributed trusted system which is a PC based metering system that is meant to augment existing postage meters using new evidence of postage payment known as information-based indicia. The program relies on digital signature techniques to produce for each mailpiece an indicium whose origin can be authenticated and content cannot be modified. The IBIP requires printing a large, high density, two-dimensional (xe2x80x9c2-Dxe2x80x9d) bar code on a mailpiece. The 2-D bar code, which encodes information, is signed with a digital signature. A description of the IBIP PERFORMANCE CRITERIA FOR INFORMATION-BASED INDICIA AND SECURITY ARCHITECTURE FOR OPEN IBI POSTAGE METERING SYSTEMS (PCIBI-O), a published draft Security Device (xe2x80x9cPSDxe2x80x9d), which is a secure processor-based accounting device that is couple to a personal computer to dispense and account for postal value stored therein to support the creation of a new xe2x80x9cinformation-basedxe2x80x9d postage postmark or indicium that will be applied to mail being processed using IBIP, and defines the proposed requirements for a host system element (personal computer) of IBIP.
The IBIP Specification defines a stand-alone open metering system, referred to herein as a PC Meter, comprising a PSD coupled to a PC, which operates as a host system with a printer coupled thereto. The PC runs the metering application software and associated libraries and communicates with the attached PSD. The PC Meter processes transactions for dispensing postage, registration and refill on the PC. Meter processing is performed locally between the PC and the PSD coupled thereto. Connections to a Data Center, for example for registration and refill transactions, are made locally from the PC through a local or network modem/internet connection. Accounting for debits and credits to the PSD is also performed locally, logging the transactions on the PC. Several application programs running on the PC, such as a word processor or an envelope designer, may access the metering application software. At the present, the USPS has approved for one PC Meter product E-Stamp(copyright) Internet Postage which is distributed by E-Stamp Corporation of Houston, Texas. Other PC meter products are currently in beta test with the USPS.
The USPS has approved an alternative version of the PC Meter in which the PSD function is performed at a server that is remote from the PC and accessible through the Internet. This alternative version, which is referred to herein as a xe2x80x9cvirtual meterxe2x80x9d, is a network metering system, has many client PCs without any PSDs coupled thereto. The client PCs run application software for requesting and formatting postage indicia, but all PSD functions are performed on server(s) located at a Data Center. The PSD functions at the Data Center may be performed in a secure device attached to a computer at the Data Center, or may be performed in the Data Center computer itself. The client PCs must connect with the Data Center to process transactions such as postage dispensing, meter registration, or meter refills. Transactions are requested by the client PC and sent to the Data Center for remote processing. The transactions are processed at the Data Center and the results are returned to the client PC. Accounting for funds and transaction processing are centralized at the Data Center. See, for example, U.S. Pat. Nos. 5,454,038 and 4,873,645, which are assigned to the assignee of the present invention.
The virtual meter does not conform to all the current requirements of the IBIP Specifications. In particular, the IBIP Specifications do not permit PSD functions to be performed at the Data Center. However, it is understood that a virtual meter configuration with each mailer""s PSD located at the Data Center may provide an equivalent level of security as required by the IBIP Specifications.
In conventional closed system mechanical and electronic postage meters, a secure link is required between printing and accounting functions. For postage meters configured with printing and accounting functions performed in a single, secure box, the integrity of the secure box is monitored by periodic inspections of the meters. More recently, digital printing postage meters typically include a digital printer coupled to a metering (accounting) device, which is referred to herein as a postal security device (PSD). Digital printing postage meters have removed the need for physical inspection by cryptographically securing the link between the accounting and printing mechanisms. In essence, new digital printing postage meters create a secure point-to-point communication link between the PSD and print head. See, for example, U.S. Pat. No. 4,802,218, issued to Christopher B. Wright et al. and now assigned to the assignee of the present invention. An example of a digital printing postage meter with secure print head communication is the Personal Post Office(trademark) manufactured by Pitney Bowes Inc. of Stamford, Conn.
Although the IBIP provides a viable system and method for printing postage on a PC, there are requirements inherent in the IBIP that limit the desirability for use by small office home office users whose use of the PC metering may not include mailing in a volume sufficient to warrant costs above and beyond the costs of stamps purchase from the Post Office. For example, non-business users may balk at the additional cost associated with requiring the rental of a PSD or the administrative cost for maintaining an account at a Data Center. For the virtual meter, in addition to the cost, non-business users may balk at the need to connect to the Internet every time postage is needed.
At the present, the IBIP includes sampling verification, which is not a reliable method for detecting fraud. A more robust verification system must be implemented. A key component of any verification system for the IBIP is verification that addressee information contained in the 2-D bar code of the indicium is matched to addressee information contained in the addressee block of the mailpiece or in the postnet bar code on the mailpiece. It is not clear at this time how soon a reliable verification system will be in place to verify the volume of mailpieces that are produced by an IBIP PC meter. This problem is accentuated by the fact that IBIP verification of open system indicia, which includes verifying correct addressee information is in the indicia, must take place at the same time that verification of closed system indicia, which does not have addressee information in the indicia, is also being performed. The total verification process is even more complicated considering that there are different indicia created by traditional flatbed (i.e. non-digital) printer meters and digital printer meters.
The present invention provides an alternative to the IBIP scheme for PC postage. It has been found that a digital xe2x80x9cbook of stampsxe2x80x9d can be purchased electronically over the Internet. The digital book of stamps a self-executing software module that is configured to run only on one PC. The user purchases digital postage over the Internet in a manner comparable to purchasing a book of stamps from the post office. The digital postage can be for one or more denominations. Each digital postage stamp that is printed on a mailpiece is verifiable and can be identified as being printed by a, particular software module that has been run on a particular PC. In the present invention, a digital postage stamp does not include any addressee information. Therefore, any digital postage stamp can be used as postage payment evidence on any mailpiece, i.e., just as a conventional postage stamp.
In accordance with the present invention, verifiable digital postage may be printed by non-dedicated printer coupled to a PC wherein such digital postage does not include addressee information. Thus, purchasing postage value over, for example, the Internet, is akin to purchasing a book of stamps at the Post Office. Unlike the information-based indicium that requires addressee information, the present invention provides that each digital stamp printed by the PC can be used on any mailpiece. It has been found, however, that some form of encoded addressee information may be printed with the digital postage stamp to improve the verification process, but this does not restrict a particular digital postage stamp to a particular mailpiece.
A first embodiment provides a system and method for purchasing a book of digital stamps of fixed denomination over the Internet. The book of digital stamps comprises a software module that runs only on the PC from which the request for postage originates and to which the book of stamps is downloaded. The book of stamps is a software module that is created at the data center server for generating digital stamps only in the PC that initiated the purchase of the book of stamps. The software module comprises stamp data needed to generate each stamp, and algorithms for generating each of the digital stamps from the stamp data. Once all of the digital stamps have been printed, the stamp software module preferably uninstalls itself automatically after notifying the user that the book of stamps is empty. For purposes of security and control, the book of stamps can be programmed with a time limit for using the stamps.
In an alternative embodiment, the data center server generates the bitmap of the each stamp in the book of stamps and the bitmaps of the stamps are included with the software module, which further comprises algorithms for printing the stamps.
In yet another embodiment, the user purchases a book of stamps of no predetermined denomination, i.e. a total value of postage. The digital stamp software module then includes a user interface whereby the user selects the denomination for each stamp to be printed up to the unused amount of the book of stamps.
In accordance with the present invention, the data center is not required to maintain a user account for the prepayment or post-payment of postage value. Digital postage stamps are purchase over the Internet through conventional Internet transaction methods, such as by credit card. Thus, the present invention provides a method of purchasing digital postage stamps over the Internet in the same manner as one would purchase a book of stamps at the Post Office. It will be understood that under the present invention, the user may have more than one book of stamps stored on the PC. For example, the user may have a book of 33 cent digital stamps and a book of twenty cent digital stamps.
In accordance with the preferred embodiment of the present invention, a method for generating digital postage stamps provides a data center receiving a request from a PC for a selected number of digital postage stamps, concluding a payment transaction for the selected number of digital postage stamps, and generating a digital book of postage stamps, which the PC downloads to its hard drive. The digital book of postage stamps includes a read-only software module that generates and prints each digital postage stamp using stamp related information contained within the software module. The stamp related information includes stamp information that is required for each postage stamp, user information that identifies the requester and the PC, data center server information that is unique to each digital postage stamp and a digital signature of at least some of the user, stamp and/or server information. Before printing a digital postage stamp, the software module on the PC verifies that the signature of the PC is identical to the PC signature that was stored in the software module when the software module was configured at the data center server. If verified, the software module generates the digital postage stamp using the stamp, user and server data associated with the digital postage stamp and then initiates the printing of the digital postage stamp on a printer coupled to the PC. The software module renders the stamp, user and server data associated with the digital postage stamp being printed unusable for subsequent generations of digital postage stamps. When all stamps of the book of stamps have been printed, the software module uninstalls itself.