1. Field of the Invention
The present invention relates to a method of printing a token by a printer.
2. Description of Related Art
When web users make a purchase of a ticket (a specific example of a token) via the internet, a physical ticket is usually made available for later use at a location where a show of possession of the ticket is needed. For example, when a user purchases a theatre ticket, the ticket may be dispatched by post to an address specified by the user, a reference number may be made available for the collection of a ticket from an agent physically or geographically nearby, upon showing some proof of identity such as a credit card, or the user may retrieve the ticket from the theatre upon showing the credit card used for purchase of the ticket which has the name of the user on it.
There are many potential inconveniences associated with these known approaches. A posted ticket may be lost in the post or delayed. When the ticket is provided to an agent, a loss of reference or an administrative error in sending the ticket to the agent can result in failure of the transaction. A ticket to be given to a third party cannot be handed over in advance of a theatre performance without going through one of the first two steps, which may fail. If to be collected at the venue, the user needs to be at the entrance of the venue early to collect pre-booked tickets and may fail to collect it through not having the correct credit card, lateness or a long queue.
The present applicant has identified a need to provide an improved approach to issuing a physical token to, for example, an internet user.
According to an embodiment of the invention, a method of printing a token by a printer includes use of a printer which includes a digital identification device configured to generate a series of distinct print job counter numbers and to provide a public key of a cryptographic public key/private key pair. The method includes the steps of sending a printer-generated print job counter number and an encryption key to a token issuer. The token issuer then sends to the printer a message encrypted by the encryption key, the message including the print job counter number and information representative of the token to be printed. The printer decrypts the encrypted message and prints the token using the information representative of the token if the print job counter number is valid.
The producer of the printer could be a trusted party who promises to fulfil and guarantee the requirements of both the ticket purchaser and the seller. The digital identification device could be embedded in the printer hardware as a printer identity module (PIM) unique to the printer similar to the SIM of a mobile telephone. Other means to provide the digital identification could be employed, for example a personal smart card with a personal digital certificate provided by a trusted certifying authority. The present invention is not confined to any particular approach to providing a digital identification device of the required functionality.
The encryption key may be the public key, which may be presented in the form of a digital certificate signed by the printer manufacturer. The encryption key may be a symmetric session encryption key and the method may include using the public key as an enveloping key for sending the symmetric session key to the token issuer securely.
Embodiments of the ticket printing system of the present invention will generally involve three parties. First, there is the ticket issuer who receives a payment for one or more tickets to be presented physically at a future point in time. Second, there is the purchaser who has paid for the tickets online who can print the tickets immediately for physical possession. Third, there is the venue entrance controller who will provide to the ticket holder services on presentation of the tickets. The venue entrance controller could also be the ticket issuer.
Embodiments of the invention may provide, from the token issuer""s point of view, that the number of tickets printed is exactly as mandated by the issuer/server; the tickets are only printable on the printer designated by the purchaser; the printer is able to confirm to the issuer the physical completion of the printing; and no record of the mapping between the ticket and the buyer is kept. These assurances are obtainable by use of the trusted printer with the required functionality built into it in a secure, non-tamperable fashion including physical tamper-proof provision in known manner. The digital identification device may include a trusted party""s digital certificate transmittable on request to the token issuer to confirm the printer has the required security.
Embodiments of the invention may provide, from the buyer""s point of view, that the issuer cannot repudiate the authorisation of number of tickets for print; there are mechanisms to ensure that printer failure, ie., running out of paper or ink, jammed machine, power failure and so forth will be accounted for and the ticket will be printed as expected; the physical ticket is printed on standard office paper; and the physical ticket cannot be copied easily or quickly. For example, the printer can be arranged to generate a print fail indication which the token issuer will trust indicates the token has not been printed and that the transaction can be properly cancelled. Embodiments of the invention may provide, from the service provider""s point of view, that the physical ticket can easily be identified to be genuine, no additional information (such as that in a data base), apart from that on the ticket, is needed to verify the ticket; and the physical ticket cannot be copied easily or quickly. The second of the two requirements is the same as that of the ticket buyer.
The encrypted message sent from token issuer may include information representative of the number of tokens, each according to the information representative of the token to be printed in the encrypted message, are to be printed by the printer. The printer then prints the number of tokens indicated by the information representative of the number of tokens to be printed in the encrypted message. This permits a single user to buy a number of tickets to an event in one transaction.
The encrypted message may include information representative of a replication resistant marking applicable to the token. The replication resistant marking for the token may be applied by the printer. These could be digital, printable watermarks of known type, for example.
The printer may send an acknowledgement to the token issuer that the entire printing of the token has been completed. The acknowledgement may be digitally signed using the private key of the printer. The acknowledgement may include all or part of the information representative of the token to be printed provided by the token issuer or other information by which the token issuer can confirm the tokens printed are those of that particular transaction. When the acknowledgement is verified by the token issuer a database may be updated to indicate that that token has been issued so the token issuer knows that that token should not be reissued. The messages between the printer and token issuer may be mediated by the token receiver""s own computer system, for example a home computer system. The computer system may run an application program and a printer driver program. In this case the token receiver may input a command to the application indicating a printed token is desired. The application may then request the printer, via the printer driver, to provide the print job counter number and public key, the application sending the print job counter number and public key to the token issuer, and the application receiving the encrypted message from the token issuer and sending it to the printer via the printer driver. The printer and token issuer may be in communication at least in part via the internet.
The application could be a plug-in for a web browser and configured to establish and mediate communications between the token buyer""s system and the token issuer""s computing system, via the internet, for example.
It can be seen that, in general terms, the present invention provides a cryptographic solution to token printing, providing a secure business process which is suited also to a digital information rendering machine which is required to make one time deliveries to the subscriber.
Other aspects and advantages of the invention will become apparent from the following detailed description of exemplary embodiments taken in conjunction with the accompanying drawings.