System, method, and apparatus for authenticating or validating a transaction or record using information-based indicia of payment or authorization.
The United States Post Office (USPO) has been considering electronic postage stamps for several years. According to the USPO, electronic postage should be printed on an envelope in the upper right hand corner (or on a label for an envelope or package), convey evidence that postage has been paid, contain mail processing data requirements, and contain security-related data elements. As shown in FIG. 1, the USPO desires that an electronic postage stamp be made up of human readable information as well as a two dimensional barcode with the following information:
Licensing ZIP Code
Date of Mailing
Destination Delivery Point
Postage
Software ID
Digital Signature
Ascending Register
Rate Category
Descending Register
Reserve Field
Algorithm ID
Indicia Version Number
Device ID
Certificate Serial Number
There are presently several competing commercial schemes for electronic postage. Typically these schemes are based on digital certificates. One such scheme provides a way for the postal vendor to access a secure nonvolatile memory on a user""s computer with a postage printing program. The goal here is to control the printer so that it never prints a given certificate twice, i.e., never prints the same certificate onto more than one copy of a label or envelope. Yet another scheme uses a unique mail piece identifier generated by a trusted third party for encrypting the postage information. The encrypted information is then printed on the mail piece. The problem with such methods is that because certificate information can be easily photocopied, the goal of security is not achieved. Unless the certificates are checked for re-use with an expensive database lookup system, there is no reliable way to prevent the certificate information from being copied and reused illicitly. Thus, none of the competing schemes provide a way to fully authenticate the electronic transactions generating the electronic stamps. Without adequate protection against copying, tremendous amounts of revenue are at risk.
Another problem with current schemes is that they typically do not provide an easy mechanism for revocation and replacement of electronic stamps in the case that an envelope tears or the printer jams. In advertent failure to mail a stamped article on the date encoded in the e-stamp certificate results in a similar problemxe2x80x94how can the user avoid forfeiting the money spent to purchase the postage? Some current schemes provide limited functionality for redating or otherwise correcting e-postage, but current techniques are typically clumsy and inefficient, which is particularly costly when one considers that postage stamps are used in extremely heavy volume.
The same needs and problems apply more generally to information-based indicia (xe2x80x9cIBIxe2x80x9d) for transactions besides postage, such as facility admission tickets (for events, movies, travel, etc.), coupons, vouchers, certificates, visas, receipts, and checks.
The present invention provides a method, apparatus, and system for securing and authenticating information based indicia that substantially eliminates or reduces certain disadvantages from previous IBI systems and methods.
One aspect of the invention described herein includes presenting a nonce stamp bearing a nonce; presenting a numbered digital certificate derived securely from the nonce, such as by encryption; and authenticating the transaction by comparing the number on the digital certificate and the nonce.
Typically the nonce may be represented on the nonce stamp in a form such as a bar code that can be read by humans and/or by standard image scanners. The digital certificate may be marked on a physical medium, and represented in the form of a two dimensional bar code.
Verifying the authenticity of a presented nonce stamp/certificate pair (and/or the authenticity of the transaction for which they are presented as indicia) is accomplished by comparing the number on the digital certificate and the nonce. Where the certificate is derived by encrypting the nonce using a private key for which an associated public key is made widely available, verification may be performed by decrypting the number on the presented digital certificate and matching the result against the presented nonce. Alternatively, if there is no public key then the verifying authority will be given access to the private key, and can perform verification by encrypting the presented nonce and comparing the result with the number on the presented digital certificate.
In typical applications, an end user customer obtains a digital certificate to accompany a nonce stamp by specifying a desired transaction, paying the purchase price for that transaction, and inputting the nonce number from a nonce stamp of the user. In some embodiments, users may obtain digital certificates remotely such as via an electronic communications network. In such embodiments digital certificate information (including the encrypted number for the digital certificate) may be electronically transmitted to the user via network, and a tangible copy of the certificate is printed locally for the user.
In a preferred embodiment, the numbered digital certificate further includes a description of at least one element of the desired transaction, for example, purchase price, purchased product/service, and/or transaction authority.
In typical applications, the nonce stamp and the numbered digital certificate are physically linked or coupled together, such as by printing the numbered digital certificate onto the nonce stamp, or by affixing the stamp and certificate to each other or to an article of the transaction such as a mailing envelope.
In one application, the transaction includes depositing an article of mailing, and the nonce stamp and the numbered digital certificate are presented as postage. In another application, the transaction includes admission to a facility, and the nonce stamp and the numbered digital certificate are presented as an admission ticket. In yet other applications, the nonce stamp and digital certificate function as traveler""s checks or as personal checks.
Apparatus of the invention includes an information-based indicium for authenticating a desired transaction. This indicium includes a nonce stamp having a nonce; and a digital certificate including a number derived securely from the nonce, such that the digital certificate and the nonce stamp may be presented together to authenticate the desired transaction. In another aspect of the invention, the information-based indicium may comprise a forgery-resistant physical article bearing an identification number; and a digital certificate including a number derived securely from the identification number, such that the digital certificate and the forgery-resistant article may be presented together to authenticate the desired transaction.
Further aspects of the invention include a system for generating information-based transaction indicia for a user""s desired transaction. The system includes one or more computers configured to receive as input a nonce number from the user""s nonce stamp; to encrypt the nonce number; and to provide to the user a digital certificate including the encrypted nonce number, such that the nonce stamp and the digital certificate may collectively be presented as an information-based indicium to authenticate the desired transaction. In typical applications, the one or more computers are further configured to specify a user""s desired transaction and to charge the user a transaction price for the desired transaction, in exchange for providing the digital certificate. In some applications the computers may not be configured to charge the user prior to providing the digital certificate, and instead the user may be charged (such as through a banking system) after the certificate/nonce stamp pair is negotiated.