The present invention relates generally to a method for printing a postage indicium and, more particularly, to such method for printing an IBIP indicium using a personal computer.
The Information-Based Indicia Program (IBIP) is a distributed trusted system proposed by the United States Postal Service (USPS) to retrofit and augment existing postage meters using new technology known as information-based indicia. The program relies on digital signature techniques to produce for each envelope an indicium whose origin cannot be repudiated. IBIP is expected to support new methods of applying postage in addition to, and eventually in lieu of, the current approach, which typically relies on a postage meter to mechanically print indicia on mailpieces. IBIP requires printing a large, high density, two-dimensional (2-D) bar code on a mailpiece. The 2-D bar code encodes information and is signed with a digital signature.
The USPS has published draft specifications for IBIP. The INFORMATION BASED INDICIA PROGRAM (IBIP) INDICIUM SPECIFICATION, dated Jun. 13, 1996, (xe2x80x9cIBIP Indicium Specificationxe2x80x9d) defines the proposed requirements for a new indicium that will be applied to mail being processed using IBIP. The INFORMATION BASED INDICIA PROGRAM POSTAL SECURITY DEVICE SPECIFICATION, dated Jun. 13, 1996, (xe2x80x9cIBIP PSD Specificationxe2x80x9d) defines the proposed requirements for a Postal Security Device (PSD) that will provide security services to support the creation of a new xe2x80x9cinformation basedxe2x80x9d postage postmark or indicium that will be applied to mail being processed using IBIP. The INFORMATION BASED INDICIA PROGRAM HOST SYSTEM SPECIFICATION, dated Oct. 9, 1996, defines the proposed requirements for a host system element of IBIP (xe2x80x9cIBIP Host Specificationxe2x80x9d). The specifications are collectively referred to herein as the xe2x80x9cIBIP Specificationsxe2x80x9d. IBIP includes interfacing user (customer), postal and vendor infrastructures which are the system elements of the program.
The user infrastructure, which resides at the user""s site, comprises a postage security device (PSD) coupled to a host system. The PSD is a secure processor-based accounting device that dispenses and accounts for postal value stored therein. The host system (Host) may be a personal computer (PC) or a meter-based host processor.
The IBIP Indicium Specification provides requirements for the indicium that consists of both human-readable data and PDF-417 bar code data. The human-readable information includes an originating address, including the 5-digit ZIP Code of the licensing post office, PSD ID/Type number, date of mailing and amount of the applied postage. The bar code region of the indicium elements includes postage amount, PSD ID, customer ID, date of mailing, originating address, destination delivery point identification, ascending and descending registers and a digital signature.
An integrated mailing system is subject to open system requirements if it includes a computer interfaced to the meter and it prepares mailpiece fonts or labels that include both the destination address and the indicium. The integrated system is an open system even if different printers apply the address and the indicium. If the mailing system satisfies such criteria, the USPS considers the xe2x80x9cmeterxe2x80x9d to be an open system peripheral device that performs the dual functions of printing the indicia and interfacing the PSD to the open host. The integrated mailing system must be approved by the USPS according to open system criteria.
The IBIP Host Specification sets forth the requirements for a Host in an open system. The Host produces the mailpiece front including the return address (optional), the delivery address (required), the Facing Identification Mark (FIM), and the indicium as an integral unit. The Host may print this unit on the actual mailpiece stock or label(s) for later attachment to the mailpiece. The Host provides the user with an option to omit the FIM (e.g., when the FIM is preprinted on envelopes). The Host produces standardized addresses, including standard POSTNET delivery point bar code, for use on the mailpiece. The Host verifies each address at the time of mailpiece creation. The Host then creates the indicium and transmits it to the printer.
It is expected that once IBIP is launched, the volume of meters will increase significantly when the PC-based meters are introduced. Such volume increase is expected in the small office and home office (SOHO) market. The IBIP Specifications address and resolve issues which minimize if not eliminate USPS risks regarding security and fraud. However, as with any system implemented on a non-secure device, such as a personal computer, implementation of an IBIP system may have inherent security weaknesses that could be exploited by sophisticated users intent on defrauding the USPS.
For example, there is potential for abuse by sophisticated PC users concerning the printing of multiple copies of an IBIP indicium because of various unsecured aspects of the PC operating system and the printer which prints the indicium. Although the IBIP verification process could detect such misuse, it is desired to prevent such misuse from occurring before such verification process is in place.
An IBIP open system postage meter evidences postage payment by printing on a mailpiece an IBIP indicium created by the Host PC and printed by a printer coupled to the Host PC. Both the Host PC and the printer are unsecured devices. The Host PC includes application software that is provided by a meter manufacturer, such as Pitney Bowes Inc. The application software requests postage from the PSD, creates an indicium when postage is returned with other information from the PSD, and requests the printer to print the indicium. It has been found that conventional safeguards in such application software, which are intended to prevent multiple copies of an indicium, could be circumvented whereby multiple copies of an indicium may be printed. For example, one method that could be used to bypass such safeguards is to configure the operating system on a Host PC to print multiple copies of all documents that are printed. Thus, when an indicia is created, several identical copies will be printed.
In accordance with the present invention, additional safeguards are added to discourage or prevent users from misusing the IBIP meter to create multiple copies of an indicium. The present invention encompasses a method that makes it possible for a metering application in the PC to prevent the printing of multiple copies of a document through the PC operating system. In operating systems, such as Microsoft Windows 3.x, Windows 95, and Windows NT, this is not a standard feature. The application must actively monitor the system messages to detect that its data is being printed more than once. If this activity is detected, the application can take action to ensure that the duplicate indicia images are invalid.
This invention further provides that the data associated with a valid indicium be destroyed as soon as a single printable image has been rendered. This process is entirely under the control of the application. Once a printable graphic image has been created, the data object that contains the digital signature associated with that indicium can be actively deleted from memory by writing over the region of RAM in which it was stored. This process will hinder attempts to create multiple copies of an indicium by monitoring the presence of this data in memory.
The present invention provides a method for printing an indicium with a printer coupled to a personal computer. The method includes the steps of collecting indicium data in memory of the PC, generating an indicium bar code relating to the indicium data, creating in the PC memory a printable image of a valid indicium including the indicium bar code, printing the printable image, and destroying the printable image in the PC memory as soon as the printable image has been printed. Messages of the PC operating system can be monitored for printing activity such that the printable image can be modified after a first copy of the printable image has been printed. The step of creating a printable image includes determining if more than one copy of the indicium is to be printed, and changing the number of copies to be printed to one when more than one copy is determined. The step of creating a printable image renders an indicium image to a memory device context. The printable image can be destroyed by overwriting the printable image with other information.