1. Field of the Invention
The present invention concerns a franking method and mail transport system with central postage accounting. The mail transport system is of the type having a data center of the postal carrier, a data center of an operator and at least one franking device. The postal carrier transports the mail pieces franked by the franking device to the mail sorting center. The purpose of the invention is to achieve a secure mail transport system with franking devices of simple design.
2. Description of the Prior Art
A simple solution that assumes either a personal computer (PC) with printer at the sender or a special franking device that is very simple to operate but that thereby requires neither an online connection for every franking nor a security module has previously been missing. Such an offline solution without security module is possible if the mail carrier conducts the postage determination and billing in the framework of its service provision. This means that a suitable software collects the required postage for the posting while the postings are read in the mail sorting center of the mail carrier and the destination address is determined. The software transmits a data set composed of sender and postage amount to the customer account administration of the mail carrier, which bills a customer account of the sender. The billing with the customer (sender) can ensue temporally decoupled from the accounting entry.
This method is called “central postage accounting” because the required postage values are centrally collected in the mail sorting centers of the mail carrier and not, as in the conventional, “decentralized postage accounting”, from the senders before commission to post offices or mail boxes.
Known from DE 38 40 041 A1 is an arrangement for franking of postal items with a franking device that prints a value imprint that is accounted by a computer of a central calculation point. This known franking device has a memory whose content is increased with each franking process and whose content can be read out by the user of the franking device. After a cover check, the computer is connected with a giro computer of the postal authority to bill the value imprint. The postal authority runs a mail giro account of the owner of the franking device. The giro computer releases every single value imprint after cover check and billing.
This means that the required postage for the posting is determined and paid before the postings are transported to the mail sorting center of the letter carrier and are read there along with the destination address. No retroactive payment of the service provided is provided in this mail transport system with central postage accounting.
In order to achieve the greatest possible security with regard to the postage accounting both for the mail carrier and for the user, the content of the memory (fashioned as units and sum memory) can be read out only by the user and by the computer of the charging location, and the connection of the computer of the charging location with the franking device is fashioned as a dedicated line (TEMEX) that is always in operation.
For small SOHOs (Small Office Home Office), no truly appropriate electronic franking solutions are yet on the market.
There are online solutions that assume a PC with printer at the sender and establish a data connection to the postage provider with every franking.
Furthermore, there are offline solutions that assume special franking devices with security module in which pre-paid postage values are administered in a manipulation-safe manner (Gerrit Bleumer: Electronic Postage Systems; Springer-Verlag, New York, 2007, Chapter 4.1 Basic Cryptographic Mechanisms, Page 91).
In postal markets worldwide it has been widespread to collect the postage fees decentrally at the input of the postal transport channel, for example via stamp sales or adoption of DV-cleared mailings in post offices and postal agents, via franking machines or franking service stations. For the sender, postage fees are due when the corresponding postage stamps are ordered or delivered, for example in the form of stamps, DV imprints and delivery lists, franking imprints in franking machines and PC franking solutions and franking services, etc.
To the extent that mail carriers transition to registering the processed mail entirely automatically for the purposes of address detection and additional services such as shipment tracking, the possibility results to also collect the due postage fees only upon processing in the mail sorting center. In this accounting model, customers do not have to pay any postage in advance; rather, they receive an invoice for their transported mailings at the end of the month, for example. If necessary, individual transport documentation can be ordered, similar to what is typical today for telecommunication invoices.
In the case of franking machines, this accounting model means that credit downloads are no longer necessary, rather the franking machine serves only to register the desired postal product and calculate and apply a corresponding franking imprint.
This accounting model is called “central postage accounting” in contrast to the previously typical “decentralized postage accounting”. Central postage accounting leads to a delayed payment request to the sender. Nevertheless, the designation “postpay” or “pay later” is not characteristic because in conventional, decentralized postage accounting the effective charging of the customer account can also in fact ensue later (for example via debiting methods or credit card payment) than the postal service is provided.
A system and a method for authentication of a mail sender who signs a mailing are known from U.S. Pat. No. 7,110,576. A handwritten signature represents a biometric identity of the sender which the sender applies to a mailing in that he performs a handwritten signature with the aid of a digitizer pen. A mail carrier subsequently scans the signature and can check from a central remote service whether the read signature is valid. The digitizer pen has also originally been registered at the remote service by means of signature tests. In a special design, the digitizer pen writes information into a radio frequency identity device (RFID), wherein the RFID tag is attached to the mailing. As a result of the check of the biometric feature for sufficient similarity of a biometric reference feature performed by the asserted sender, the mail carrier receives a response and attaches the result to the mailing insofar as said result is positive. A biometric sender recognition disadvantageously does not allow a unique device detection. No integrity checksum about the sender recognition is provided whatsoever. Moreover, it would be complicated to ensure that particular technical features such as, for example, an RFID tag are present in the mailing.
A system for identification of mailings by means of RFID is known from U.S. Pat. No. 6,801,833 B2. The mailings are bundled into stacks that are in turn combined in containers that are themselves transported in delivery trucks. Each container is equipped with its own RFID tag that lists all contained containers or mailings, such that every container and every mail piece can be automatically detected and tracked by a central computer at defined points of the mail transport path. The RFID tag can carry the following information features: addressee, sender, shipment ID, integrity checksum of a shipment ID, shipment value or encrypted shipment value. It thereby results that mailings are marked with unique sender identifiers, but in a different form and together with different features than those of the present invention. The sender can deliver a larger quantity of mailings in that he simultaneously provides one delivery list (mailing manifest). In manifest mailing systems, the sender does not determine the required postage amount, rather the delivery post office does this based on the mailing manifest. Therefore only one feature that produces a reference to the associated mailing manifest (permit imprint) must be applied to the individual mailings. In an atypical manner, an RFID tag is provided for this. A mailing ID uniquely identifies the mail piece, wherein the mailing ID can consist of the following parts: sender account number, date, tray ID, piece ID in mail tray, e-mail address of the sender, shipment value, shipment category and mail carrier. An error correction code (CRC) or a digital signature or a message authentication code (MAC) can be used for the identifiers of the mailings and all containers. The integrity checks should prevent that mailings are added to a wrong mail tray or are associated with an incorrect mail tray of an incorrect palette etc. due to technical errors (error correction code) or fraudulent manipulation (digital signature or message authentication code). Therefore an RFID tag must be applied to the individual mailings; however, given the number of senders it is difficult to ensure that the same conditions prevail for all. This is hardly possible when the sender attaches the RFID tag to the mail piece. A wrong adhesive can lead to the signal that an RFID tag detaches. For the sender it is not possible without further measures to read information from the RFID tag. A use of special devices at the sender would be necessary in order to store this information in the RFID tag.
A mail processing system with unique mail piece authorization that is assigned before the entrance of a mail piece into the processing flow of a mail transport service is known from U.S. Pat. No. 5,612,889. A unique shipment ID that serves as an index in a mailing manifest that contains the service address of all committed mailings is stamped on mailings. An address correction of the basis of the mailing manifests is thereby enabled. A commission of mailings is electronically recorded in advance at the mail carrier. For this the sender generates an electronic mailing manifest that he transmits to the mail carrier with cryptographic security. The letter carrier evaluates the information about the expected mailings and their addresses for service, corrects addresses if necessary and determines the required postage fees and subsequently bills the sender. The mail carrier returns a list of shipment IDs to the sender, who prints these on his mailings. The sender subsequently commits his mailings to the letter carrier. The mailing manifest is already present at the mail carrier at this point in time. The shipment ID alone does not designate a sender; rather, it is merely an index in a mailing manifest. This shipment ID only receives a meaning in connection with the mailing manifest. However, the shipment ID is not a unique identifier that can be used on all of the mailings of a franking device and can identify the sender.
From EP 710 930 B1, corresponding to U.S. Pat. No. 5,612,889, it is known to use a unique shipment ID that serves as an index in a mailing manifest that contains the addresses of service or destination ZIP codes of all committed mailings is imprinted on the mailings.
A method for mail good processing and a mail good processing system with hierarchical mail good processing is known from EP 1 058 212 A1, corresponding to U.S. Pat. No. 7,219,084. Private mail carriers that are regionally established relay mailings to super-regional mail carriers for their distribution outside of their region of operation. An identification of the sender ensues by means of a chip card that the customer of the private mail carrier bears and inserts into a card reader of the mail infeed system (mail box) when the customer surrenders the mail. It is provided that the customer receives a receipt for the mail placed in a mail box and initially to be supplied to a first carrier/location. The chip card serves as a customer card that already exhibits an identification number. Each mail good is provided with a machine-readable marking that consists of a number and additional shipping data specific to each mail good. The first carrier transports the mail from the mail infeed station (mail box) to the first location and there franks the letter with a franking imprint and conducts a debit from the customer account at a customer bank and commits the franked letter to a mail distribution center of a second carrier, which transports the mail further. A conventional franking is thus implemented and a conventional mailing manifest is generated after the marking of the mail good. The due postage amount is determined and collected while the mail goods are committed. The corresponding markings are applied to the mail goods in the same process. The marking can contain date and time of the commission and moreover an identification of the customer that has previously been imported from his customer card into the infeed station. This method can be designated as a “semi-central postage accounting”. Security checks in addition to the shipment identification and sender identification are not described.
Given decentralized postage accounting, pre-paid electronic money or credit is loaded into the franking device. If manipulation of these funds amount occurs, unpaid postal service can be accessed as a result. This can be difficult to detect by the harmed mail carrier and even more difficult to track back to the individual fraudulent party. The required expenditure via a hardware security module or an online data connection for franking which should prevent the fraudulent manipulations is disadvantageous.