Postage metering systems print and account for postage and other unit value printing such as parcel delivery service charges and tax stamps. These systems have been both electronic and mechanical. Some of the varied types of postage metering systems are shown, for example, in U.S. Pat. No. 3,978,457 for MICROCOMPUTERIZED ELECTRONIC POSTAGE METER SYSTEM, issued Aug. 31, 1976; U.S. Pat. No. 4,301,507 for ELECTRONIC POSTAGE METER HAVING PLURAL COMPUTING SYSTEMS, issued Nov. 17, 1981; and, U.S. Pat. No. 4,579,054 for STAND ALONE ELECTRONIC MAILING MACHINE, issued Apr. 1, 1986. Moreover, other types of metering systems have been developed which involve different printing systems such as those employing thermal printers, ink jet printers, mechanical printers and other types of printing technologies. Examples of these other types of electronic postage meter are described in U.S. Pat. No. 4,168,533 for MICROCOMPUTER MINIATURE POSTAGE METER, issued Sep. 18, 1979; and, U.S. Pat. No. 4,493,252 for POSTAGE PRINTING APPARATUS HAVING A REMOVABLE PRINT HEAD AND A PRINT DRUM, issued Jan. 15, 1985. These printing systems enable the postage meter system to print variable information which may be alphanumeric and graphic type of information.
Card controlled metering systems have also been developed. These systems have employed both magnetic strip type cards and microprocessor based cards. Examples of card controlled metering systems employing magnetic type cards include U.S. Pat. No. 4,222,518 for METERING SYSTEM, issued Sep. 16, 1980; U.S. Pat. No. 4,226,360 for METERING SYSTEM, issued Oct. 7, 1980; and, U.S. Pat. No. 4,629,871 for ELECTRONIC POSTAGE METER SYSTEM SETTABLE BY MEANS OF A REMOTELY GENERATED INPUT DEVICE, issued Dec. 16, 1986. A microprocessor ("smart card") based card metering system providing an automated transaction system employing microprocessor bearing user cards issued to respective users is disclosed in U.S. Pat. No. 4,900,903 for AUTOMATED TRANSACTION SYSTEM WITH INSERTABLE CARDS FOR TRANSFERRING ACCOUNT DATA, issued Feb. 13, 1990. Moreover, systems have also been developed wherein a unit having a non-volatile read/write memory which may consist of a EEPROM is employed. One such system is disclosed in U.S. Pat. No. 4,757,532 for SECURE TRANSPORT OF INFORMATION BETWEEN ELECTRONIC STATIONS, issued Jul. 12, 1988 and U.S. Pat. No. 4,907,271 for SECURE TRANSMISSION OF INFORMATION BETWEEN ELECTRONIC STATIONS, issued Mar. 6, 1990.
Postage metering systems have also been developed which employ encrypted information printed on a mail piece. The postage value for a mail piece may be encrypted together with other data to generate a digital token. A digital token is encrypted information that authenticates and enables verification of the integrity of the information imprinted on a mail piece including postage values. Examples of postage metering systems which generate and employ digital tokens are described in U.S. Pat. No. 4,757,537 for SYSTEM FOR DETECTING UNACCOUNTED FOR PRINTING IN A VALUE PRINTING SYSTEM, issued Jul. 12, 1988; U.S. Pat. No. 4,831,555 for SECURE POSTAGE APPLYING SYSTEM, issued May 16, 1989; U.S. Pat. No. 4,775,246 for SYSTEM FOR DETECTING UNACCOUNTED FOR PRINTING IN A VALUE PRINTING SYSTEM, issued Oct. 4, 1988; U.S. Pat. No. 4,873,645 for SECURE POSTAGE DISPENSING SYSTEM, issued Oct. 10, 1989; and, U.S. Pat. No. 4,725,718 for POSTAGE AND MAILING INFORMATION APPLYING SYSTEM, issued Feb. 16, 1988 and the system disclosed in the various United States Postal Service published specifications such as Information Based Indicium Program Key Management System Plan, dated Apr. 25, 1997; Information Based Indicia Program (IBIP) Open System Indicium Specification, dated Jul. 23, 1997; Information Based Indicia Program Host System Specification dated Oct. 9, 1996, and Information Based Indicia Program (IBIP) Open System Postal Security Device (PSD) Specification dated Jul. 23, 1997.
These systems, which may utilize a device termed a postage evidencing device (PED), employ an encryption algorithm to encrypt selected information to generate the digital token. The encryption of the information provides security to prevent altering of the printed information in a manner such that any change in the values printed in the postal revenue block is detectable by appropriate verification procedures.
Typical information which may be encrypted as part of the input to a digital token includes the value of the imprint, the origination zip code, the recipient addressee information (such as, for example, delivery point destination code), the date and a serial piece count number. These items of information when encrypted with a secret or private key and imprinted on a mail piece provide a very high level of security which enables the detection of any attempted modification of the information in the postal revenue block, where this information may be imprinted both in encrypted and unencrypted form. These digital token systems can be utilized with both a dedicated printer, that is, a printer that is securely coupled to an accounting module such that printing cannot take place without accounting or in systems employing non-dedicated printers and secure accounting system. In this case, such as in personal or (wide area or local area) network computing systems, the non-dedicated printer may print the digital token as well as other information.
Digital tokens need to be computed and printed, for example, in the postal revenue block for each mail piece. The digital token transformation (DTT) computation requires a secret or private key, that has to be protected and may be periodically updated. One of the more difficult problems with encrypted evidence of postage payment is the key management problem. Indeed, the use two digital tokens (postal and vendor) is described in pending U.S. Pat. No. 5,390,251 for MAIL PROCESSING SYSTEM INCLUDING DATA CENTER VERIFICATION FOR MAILPIECES, issued Feb. 14, 1995, the entire disclosure of which is hereby incorporated by reference. In such systems, the digital tokens are usually computed for every mail piece processed. This computation involves taking input data such as serial piece count, date, origination postal code and postage amount and encrypting this data with secret keys shared by the postage evidencing device (PED) and postal or courier service and by the postage evidencing device and device manufacturer or vendor. This sharing requires coordination of key updates, key protection and other measures commonly referred to as a key management system. The computation of digital tokens takes place upon request to generate tokens by a mailer. This computation is performed by the postage evidencing device. Thus, the postage evidencing device needs to have all the information required for computation, and, most significantly encryption keys. Moreover, refilling the postage evidencing device with additional postage funds also requires separate keys and a management process. In these systems, the process of token generation is accomplished with real time token computation and tokens can be computed for any combination of input parameters allowed by the system.
Various enhanced systems have been developed including systems disclosed in U.S. Pat. No. 5,454,038 for ELECTRONIC DATA INTERCHANGE POSTAGE EVIDENCING SYSTEM, issued Sep. 26, 1995; U.S. Pat. No. 5,448,641 for POSTAL RATING SYSTEM WITH VERIFIABLE INTEGRITY, issued Sep. 5, 1995; and, U.S. Patent No. 5,625,694, for METHOD OF INHIBITING TOKEN GENERATION IN AN OPEN METERING SYSTEM, issued Apr. 29, 1997, the entire disclosure of which is hereby incorporated by reference.
As noted above, it has been recognized that addressee information can be incorporated into the digital token. This provides enhanced security. The inclusion of addressee information in the digital token insures that for an individual to perpetrate a copying attack by copying a valid indicia from one mail piece on another mail piece and entering it into the mail stream, the fraudulent mail piece must be addressed to the same addressee as the original valid mail piece. If this has not been done, the fraudulent mail piece would be detectable as having an invalid indicia upon verification at a mail processing facility.
It has also been recognized that a level of enhanced security can be obtained by generating the digital tokens using a subset of addressee information. This concept is disclosed in published European Patent Application Publication No. 0782108 for A METHOD FOR AUTHENTICATING POSTAGE EVIDENCING USING DIGITAL TOKENS GENERATED FROM A SUBSET OF ADDRESSEE INFORMATION, filed Dec. 19, 1996 and published Jul. 2, 1997. The published European application discloses, inter alia, using the hash code of a predetermined appropriate section of each address field as part of the digital token transformation process. It is suggested that the first 15 characters of each line can be selected as such appropriate section of each address field for authentication. An error correction code is generated for the selected address data using, for example, Reed Solomon or BCH algorithms. A secure hash of this section of the address field data is generated, which is sent to a vault (PED) along with the postage required and date data. This information, the section of the address field, is part of a request for a digital token. The vault which may be coupled to a personal computer (PC) generates the digital token using this data. The error correcting code is printed on the mail piece in alpha numeric characters or bar code format. Upon verification, an OCR system reads the delivery address from the mail piece and the data from the indicium. Using an OCR or bar code reader, the error correcting code is also read. An error correcting algorithm is executed using the error correcting code. If errors are not correctable, then the recognition process is notified of a failure. If correctable, the appropriate section of each address field is selected for authentication. A secure hash of the selected data is generated during the verification process. A secure hash and the postal data are then sent to the verifier which then generates digital tokens that are compared to the digital tokens printed on the mail piece to complete the verification process.