Generally, postage metering systems are well known in the art. Typically, the traditional mechanical and electronic postage meters have employed physical security and specialized inks to prevent fraud. The registers that maintain an accounting of postal funds have been located within a secure housing along with a dedicated printer. As a further measure, the dedicated printers have used fluorescent ink to provide an extra aid in the detection of an authentic postage meter indicium.
More recently, postal authorities have promulgated regulations that allow postage meter manufacturers to utilize digital printing technology (laser, ink jet, thermal transfer, etc.), either embedded as part of a mail handling system or as a general purpose office printer. As an example, the United States Postal Service (USPS) has enabled the decoupling of the postage meter and the printer and allowed the use of digital printers by establishing an Information-Based Indicia Program (IBIP). The IBIP is a distributed trusted system established by the USPS to retrofit and augment existing postage meters using new technology known as information-based indicia. The IBIP relies on digital signature techniques to produce for each mail piece an indicium whose origin cannot be repudiated. Thus, in contrast to traditional postage metering systems employing mechanical printing technology and physical security, the IBIP supports new methods of securely applying postage to mail pieces. Generally, the IBIP requires printing a high-density two-dimensional (2D) barcode on a mail piece. The 2D barcode encodes various information associated with the mail piece and is subsequently signed with a digital signature.
The USPS has published detailed specifications for the IBIP. Generally, the IBIP is directed to two types of postage metering systems. The first type is referred to as a closed system and is defined in the INFORMATION BASED INDICIA PROGRAM—PERFORMANCE CRITERIA FOR INFORMATION-BASED INDICIA AND SECURITY ARCHITECTURE FOR CLOSED IBI POSTAGE METERING SYSTEMS, dated Jan. 12, 1999, (“IBIP Closed System Specification”). The second type is referred to as an open system and is defined in the INFORMATION BASED INDICIA PROGRAM—PERFORMANCE CRITERIA FOR INFORMATION-BASED INDICIA AND SECURITY ARCHITECTURE FOR OPEN IBI POSTAGE EVIDENCING SYSTEMS, dated Feb. 23, 2000, (“IBIP Open System Specification”). Together, the IBIP Closed System Specification and the IBIP Open System Specification define the requirements for next generation postage metering systems.
Although the transition to digital printing provides many advantages, the postal authorities recognize that digital printing spawns potential new forms of fraud. As an example, an individual seeking to commit a fraud upon the postal authority need only utilize their computer, image scanner and printer to generate multiple copies of a single postal indicium. Thus, a valid indicium may be replicated perfectly. This technique is referred to as fraud by duplication.
As a result, measures have been developed to detect such attempts to defraud the postal authorities. Typically, these measures involve verifying the authenticity of the postal indicium on a mail piece as the mail piece is being processed by the postal authority. This verification activity seeks to ensure that the postage amount shown in the postal indicium has been properly accounted for. For instance, the postal authority may validate the digital signature discussed above to determine the authenticity of the postal indicium. However, this will not necessarily expose a second mail piece with a duplicated postal indicium representing an exact copy of a valid indicium. Thus, detection of these types of duplicates, and other issues, present problems for the postal authorities.
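The gap described above can be shown from the verifier's side. The following is an added example, not taken from the IBIP specifications or from this document: it shows that a signature check alone accepts an exact copy of a valid indicium, and that a record of already-seen indicia is what flags the copy. The field names (`meter_id`, `serial`, `postage_cents`), the key table and the use of HMAC-SHA256 as a stand-in for the indicium's digital signature are assumptions made so the example runs on the Python standard library.

```python
import hashlib
import hmac

# Constructed per-meter key table. HMAC-SHA256 stands in for the
# indicium's digital signature (assumption, see lead-in).
METER_KEYS = {"METER-0001": b"constructed-demo-key"}


def _payload(ind):
    # Hypothetical field layout for the signed indicium data.
    return f"{ind['meter_id']}|{ind['serial']}|{ind['postage_cents']}".encode()


def sign_indicium(meter_id, serial, postage_cents):
    """Produce a constructed indicium record as a meter would."""
    ind = {"meter_id": meter_id, "serial": serial,
           "postage_cents": postage_cents}
    ind["tag"] = hmac.new(METER_KEYS[meter_id], _payload(ind),
                          hashlib.sha256).hexdigest()
    return ind


def signature_valid(ind):
    """Authenticity check only: says nothing about reuse."""
    key = METER_KEYS.get(ind["meter_id"])
    if key is None:
        return False
    expected = hmac.new(key, _payload(ind), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, ind["tag"])


class Verifier:
    """Signature check followed by a duplicate check on (meter, serial)."""

    def __init__(self):
        self.seen = set()

    def check(self, ind):
        if not signature_valid(ind):
            return "invalid_signature"
        ident = (ind["meter_id"], ind["serial"])
        if ident in self.seen:
            return "duplicate"  # authentic data, but already presented
        self.seen.add(ident)
        return "accepted"
```

The `seen` set is the state that must be shared across every processing machine for the duplicate check to work, which is the data-distribution burden the following paragraphs describe.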
Another problem faced by the postal authorities is the intensive data processing required of a distributed mail processing system employing a plurality of remotely located processing centers. Typically, the processing center must scan each postal indicium to obtain its data, conduct database lookups, perform cryptographic calculations and determine whether or not the postal indicium is valid. If a mail piece cannot be validated, it is diverted to an out sort bin for further investigation and/or return to the sender. Complicating this situation is the fact that such verification processing is conducted by a single mail piece processing system. This necessitates that the verification processing is completed during the interval between mail piece scanning and the diversion location to the out sort bin. Given the rate at which the processing machines operate (up to 12 mail pieces per second), there is very little time to perform verification checks.
Still further complications exist. If the cryptographic computations are to be performed locally (on individual processing machines), then large amounts of data must be distributed to all of the processing machines (e.g. cryptographic keys for each postage meter, data to enable detection of duplicate indicia) and kept updated to reflect changes in the meter population. On the other hand, if the computations are performed remotely, then the postal indicium data for each mail piece must be transmitted in real time to a central location, validated and the results returned to the processing machine before the mail piece reaches the diversion point. Both of these arrangements require significant real time processing and rapid database access.
Yet another problem is the risk that the digital signatures and cryptography underlying the security of the postal system could be compromised. This could occur because of a successful attack or the release/use of information necessary to generate valid postal indicia by someone (a postal authority employee) having access to the security system. Once compromised in this manner, someone could print “valid” postal indicia that would pass verification by the postal authority. Thus, the postal authority would suffer losses from a fraudulent actor submitting postal indicia into the postal system that to all appearances would be beyond reproach.
Therefore, there is a need for a mail piece verification system that provides operational advantages over those described above. Furthermore, there is a need for a mail piece verification system that includes a forensic accounting capability for improving upon the detection of apparently valid postal indicia.