Postage metering systems are being developed which employ digital printers to print encrypted information on a mailpiece. Such metering systems are presently categorized by the USPS as either closed systems or open systems. In a closed system, the system functionality is solely dedicated to metering activity. A closed system metering device includes a dedicated printer securely coupled to a metering or accounting function. In a closed system, since the printer is securely coupled and dedicated to the meter, printing cannot take place without accounting. In an open metering system, the system functionality is not dedicated solely to metering activity. An open system metering device includes a printer that is not dedicated to the metering activity, thus freeing system functionality for multiple and diverse uses in addition to the metering activity. An open system metering device is a postage evidencing device (PED) with a non-dedicated printer that is not securely coupled to a secure accounting module.
Typically, the postage value for a mailpiece is encrypted together with other data to generate a digital token which is then used to generate a postage indicia that is printed on the mailpiece. A digital token is encrypted information that authenticates the information imprinted on a mailpiece including postal value. Examples of systems for generating and using digital tokens are described in U.S. Pat. No. 4,757,537, 4,831,555, 4,775,246, 4,873,645 and 4,725,718, the entire disclosures of which are hereby incorporated by reference. These systems employ an encryption algorithm to encrypt selected information to generate at least one digital token for each mailpiece. The encryption of the information provides security to prevent altering of the printed information in a manner such that any misuse of the tokens is detectable by appropriate verification procedures.
Typical information which may be encrypted as part of a digital token includes origination postal code, vendor identification, data identifying the PED, piece count, postage amount, date, and, for an open system, destination postal code. These items of information, collectively referred to as Postal Data, when encrypted with a secret key and printed on a mall piece provide a very high level of security which enables the detection of any attempted modification of a postal revenue block or a destination postal code. A postal revenue block is an image printed on a mall piece that includes the digital token used to provide evidence of postage payment. The Postal Data may be printed both in encrypted and unencrypted form in the postal revenue block. Postal Data serves as an input to a Digital Token Transformation which is a cryptographic transformation computation that utilizes a secret key to produce digital tokens. Results of the Digital Token Transformation, i.e., digital tokens, are available only after completion of the Accounting Process.
Digital tokens are utilized in both open and closed metering systems. However, for open metering systems, the non-dedicated printer may be used to print other information in addition to the postal revenue block and may be used in activity other than postage evidencing. In an open system PED, addressee information is included in the Postal Data which is used in the generation of the digital tokens. Such use of the addressee information creates a secure link between the mailpiece and the postal revenue block and allows unambiguous authentication of the mail piece.
Since open and closed metering systems function as encryption devices, the metering portion of the system must be secure logically as well as physically. Typically, user access of an encryption device is controlled by a lock, such as, a lock to the room housing the device, a lock on the device itself, or a logical lock such as the password that limits access to the device. If a password that controls access to an open or closed metering system is forgotten, the device becomes useless until the password can be replaced. Generally, the higher the level of security, the more difficult the procedure to replace an existing password. For example, metering systems require such a high level of security that a user may be required to send at least the metering device, i.e., the vault, to the manufacturing vendor to reinitialize the password protection system of the metering device. When the metering device is returned to the user, the user enters a new password which activates the password protection system for further use of the metering system.
Users have been known to provide their own `safety net` to prevent forgotten security passwords. Generally, a user may hide the security password with the hope that it can be retrieved if ever the password is forgotten. Knowing that this practice compromises the security of the password protection system, users resort to such practice because the alternative, i.e., having to return the metering portion to the manufacturer, is a burden that prevents use of the metering system for a period of time.