The present invention relates generally to postage metering systems, and more particularly to techniques for performing secure processing of postal data using general purpose or specially designed electronic components and printers.
A postage meter allows a user to print postage or other indicia of value on envelopes or other media. Conventionally, the postage meter can be leased or rented from a commercial group (e.g., Neopost Inc.). The user purchases a fixed amount of value beforehand and the meter is programmed with this amount. Subsequently, the user is allowed to print postage up to the programmed amount.
Since the postage meter is able to imprint indicia having values, security is critical to prevent, deter, and detect fraud. In one conventional security scheme, the postage meter is designed to allow imprinting of an indicium only when sufficient funds exist to cover the requested indicium amount. If the postage meter is tampered with, it ceases to function and can only be reactivated by an authorized agent. This scheme guards against fraudulent modification of the meter to print unauthorized postage labels.
A technologically more advanced postage metering system is provided by means of a device known as a Postal Secure Device (PSD). The PSD is a securely packaged electronic circuit protected by an enclosure fabricated in accordance with well-known security principles, such as those described in government standards (e.g., FIPS 140-1) and other security standards. The circuits within the PSD perform accounting and cryptographic functions, and provide a secure "vault" for postal accounting/revenue data. The PSD typically includes the cryptographic hardware and software, a microprocessor, volatile and non-volatile memories, and power conditioning circuits, and is typically supplied with its own DC or AC power from an external connection.
This PSD architecture can be both physically and electronically cumbersome. Numerous circuits are needed, and provided, to support the accounting and cryptographic functions. These circuits render the PSD complicated and costly. Moreover, because complex message interchanges are typically required between the PSD and the host computer to complete each postage printing operation, the speed of data operation is limited, which ultimately limits the cycling speed of the printer.
As can be seen, what is highly desirable are techniques that allow: (1) postal accounting data to remain secure within a real or virtual vault, (2) integration of the vault into a readily available computer such as a personal computer (PC), and (3) rapid operation with reduced need to transfer data into and out of the vault.
The invention provides a postal system having numerous advantages, including faster speed of operation and economical hardware design. The postal system includes a local computer having a user interface and an associated storage unit for storing a secure data file containing postal (e.g., accounting) data. A secure processing unit interfaces with the local computer and performs the secure processing normally associated with a secure postal environment. The secure processing unit can be designed to receive power from the computer to which it couples, and generally does not require special interconnect. By using the secure processing unit to perform the secure processing and the local computer to perform other postal functions (e.g., user interface, communication with a funding agency), complexity is reduced, which translates to a faster and more economical design.
An embodiment of the invention provides a method for printing a postage indicium. In accordance with the method, which is generally performed at a local computer, a user request to print postage indicium is received and, in response, a data file is retrieved from a storage unit. The data file is secure and includes accounting data (e.g., amount of available funds). The user request and data file are provided to a secure processing unit, which processes the request and generates a print command message. The print command message is processed (e.g., signed, encrypted, or both) to allow for authentication by the receiving unit. The print command message is received from the secure processing unit and, in response, a printer is directed to print the postage indicium. The data file, which has been updated to account for the printed postage indicium, is received from the secure processing unit and stored back to the storage unit.
In an embodiment, the data file includes a descending register indicative of an amount of available funds, an ascending register indicative of an amount of funds previously used, and a control total register indicative of the available plus previously used funds. The data file and print command message can each be encrypted with a particular encryption standard (e.g., DES or RSA), signed with a particular digital signature algorithm (e.g., DSS or elliptical curve), or both. The storage unit can be open and user accessible (e.g., a hard disk drive associated with the local computer). The user request can be for more than one postage indicium, in which case one print command message is generated for each requested postage indicium until all postage indicia have been printed or the process is otherwise terminated (e.g., for lack of funds).
Another embodiment of the invention provides a method for printing a postage indicium. In accordance with the method, which is generally performed at a secure processing unit, a data file and a user request to print a postage indicium are received from a host computer. The data file is secure and is processed to obtain the accounting data contained therein. A determination is then made as to whether sufficient funds exist to cover the postage indicium. If sufficient funds exist, the data file is updated to account for the postage indicium, a print command message is generated and sent to the host computer, and the updated data file is secured and transferred back to the host machine. The print command message authorizes printing of the postage indicium, and is processed (e.g., signed, encrypted, or both) to allow for authentication by the receiving unit. The fund determination, update of the data file, and generation and transmission of the print command message can be repeated for each requested postage indicium.
Yet another embodiment of the invention provides a method for funding a postal account. In accordance with the method, which is generally performed at a local computer, a user request to fund the postal account is received and, in response, a data file is retrieved from a storage unit. The data file is secure and includes accounting data. The user request and data file are provided to a secure processing unit for processing. A fund request message is then received from the secure processing unit and forwarded to a funding agency for processing. Next, an authorization message is received from the funding agency and forwarded to the secure processing unit. The data file is updated with additional funds in accordance with the authorization message. The updated data file is then received from the secure processing unit and stored back to the storage unit. The fund request and authorization messages are processed to allow for authentication by the receiving unit.
Yet another embodiment of the invention provides a method for funding a postal account. In accordance with the method, which is generally performed at a secure processing unit, a secure data file and a user request to fund the postal account are received from a host computer. The data file is processed to obtain accounting data stored therein, and a fund request message is generated based on the user request. The fund request message is sent to the host computer for processing and, in response, an authorization message is received and authenticated. If the authorization message is determined to be authentic, the data file is updated to include additional funds authorized by the authorization message. The updated data file is then secured and transferred back to the host machine. The fund request and authorization messages are processed to allow for authentication by the receiving units.
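The following is an added, constructed simulation of the secure processing unit logic described in the print and funding embodiments above; it is not code from the patent. It keeps the three registers under the invariant control total = ascending + descending, refuses to trust a data file read from open storage until its tag verifies, issues a print command only when the descending register covers the amount, and adds funds only from an authorization the funding agency tagged. HMAC-SHA256 stands in for the DES/RSA encryption and DSS signatures named in the text, and the key names and JSON layout are assumptions.

```python
import hmac, hashlib, json

SPU_KEY = b"constructed-spu-key"        # lives only inside the SPU (assumption)
AGENCY_KEY = b"constructed-agency-key"  # shared with the funding agency (assumption)

def seal(msg: dict, key: bytes) -> bytes:
    """Serialize and append an HMAC tag; stand-in for encrypt-and-sign."""
    body = json.dumps(msg, sort_keys=True).encode()
    return body + b"." + hmac.new(key, body, hashlib.sha256).hexdigest().encode()

def verify(blob: bytes, key: bytes) -> dict:
    """Check the tag before trusting anything read from user-accessible storage."""
    body, _, tag = blob.rpartition(b".")
    expect = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("message failed authentication")
    return json.loads(body)

def load_registers(sealed_file: bytes) -> dict:
    """Open the data file and enforce control_total == ascending + descending."""
    regs = verify(sealed_file, SPU_KEY)
    if regs["ascending"] + regs["descending"] != regs["control_total"]:
        raise ValueError("register invariant violated")
    return regs

def spu_print(sealed_file: bytes, amount: int):
    """Print path: returns (tagged print command or None, re-sealed data file)."""
    regs = load_registers(sealed_file)
    if amount <= 0 or amount > regs["descending"]:
        return None, seal(regs, SPU_KEY)       # insufficient funds: no command
    regs["descending"] -= amount               # funds consumed by this indicium
    regs["ascending"] += amount                # lifetime funds used
    cmd = seal({"print": amount, "serial": regs["ascending"]}, SPU_KEY)
    return cmd, seal(regs, SPU_KEY)

def spu_fund(sealed_file: bytes, authorization: bytes) -> bytes:
    """Funding path: add funds only from an authorization the agency tagged."""
    regs = load_registers(sealed_file)
    auth = verify(authorization, AGENCY_KEY)   # raises if forged or altered
    regs["descending"] += auth["amount"]
    regs["control_total"] += auth["amount"]    # ascending is untouched
    return seal(regs, SPU_KEY)

# Constructed sample: an empty account and an agency authorization for 500 units.
EMPTY = seal({"ascending": 0, "descending": 0, "control_total": 0}, SPU_KEY)
AUTH = seal({"amount": 500}, AGENCY_KEY)   # would arrive via the funding agency
```

Calling spu_fund(EMPTY, AUTH) and then spu_print on the result walks the two message flows in order; a data file edited on disk or an authorization produced without the agency key is rejected before any register changes.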
Yet another embodiment of the invention provides a postage metering system that includes a local computer that interfaces with a secure processing unit. The local computer includes a user interface that receives a user request and a storage unit that stores a data file. The data file is secure and includes accounting data. The secure processing unit includes a memory coupled to a processing unit. The memory stores the data file. The processing unit receives the data file and the user request, processes the user request, generates a first message responsive to the user request, updates the data file to account for the processed user request, secures the updated data file, and sends the secure data file back to the local computer. The first message is processed to allow for authentication by the receiving unit. The user request can be for a printing of a postage indicium or a funding of a postal account.
Yet another embodiment of the invention provides a secure processing unit for use in a postage metering system. The secure processing unit includes a memory coupled to a processing unit. The memory stores a secure data file that includes accounting data. The processing unit receives the data file and a user request for a particular postal transaction, processes the user request, generates a first message responsive to the user request, updates the data file to account for the processed user request, and secures the updated data file. The first message is processed to allow for authentication by the receiving unit.
The invention further provides program product that implements or facilitates the various embodiments described above.
The foregoing, together with other aspects of this invention, will become more apparent when referring to the following specification, claims, and accompanying drawings.