Various forms of value bearing indicia have been developed and used throughout the world. Such value bearing indicia often takes the form of an electronic and/or printed data packet adapted for providing a representation of value sufficient to be acceptable as proof of payment for goods, services, etc. For example, postage indicia have been used for a number of years as proof of payment for postal services.
Because such indicia represents a form of value, the indicia itself and the process for its generation is typically provided some form of security. For example, the indicia may implement digital signatures, secure hash techniques, cryptographic techniques, etc. The process for generating the indicia may be performed within a secure environment, such as within the confines of a secure processor-based system (e.g., cryptocard, such as the 4764 cryptographic coprocessor available from International Business Machines Corporation). For example, postage indicia, such as the information based indicia (IBI) generated by processor-based open systems (e.g., stand-alone or client/server general purpose systems operable under control of an instruction set providing postage indicia metering functionality) in accordance with the United States Postal Service (USPS), may be generated within a postal security device (PSD) and may include digital signatures generated by a cryptographic processor of the PSD.
In order to perform as an indicia generation device, such secure environments must typically be loaded with the requisite indicia generation host information, perform the steps for generation of the indicia, and subsequently have the indicia generation host information unloaded from the secure environment to free the secure environment for other operations (e.g., generation of indicia for different users, for different accounts, for different uses, etc.). For example, in the postage indicia context, a cryptocard may be provided with indicia generation host information, such as may comprise ascending and descending postage registers, cryptographic postal keys, logging records, etc., (referred to herein as “virtual PSD information”) to configure the otherwise “generic” cryptocard as a particular PSD (e.g., a specific user's PSD, a PSD for a specific postage account, etc.) for use in generating an indicia. Once the indicia has been generated, the virtual PSD information with its updated data (e.g., register values) reflecting generation of the indicia may be offloaded from the cryptocard and stored in a database for subsequent use. Because the virtual PSD information contains the information establishing the cryptocard as the PSD (i.e., the PSD “personality”), this PSD information is generally encrypted when passed outside of the secure environment of the cryptocard.
As can be appreciated from the foregoing, considerable data transfer and processing may be associated with the generation of indicia. In particular, not only must the virtual PSD information be retrieved and loaded into the secure environment of the cryptocard in the foregoing example, but the virtual PSD information must be decrypted once loaded prior to use. Correspondingly, the virtual PSD information must again be encrypted once the indicia is generated prior to offloading of the virtual PSD information from the cryptocard. This processing and data transfer is in addition to that directly associated with the generation of the indicia itself, including the cryptographic functions typically employed to provide a digital signature. In order to provide the requisite logging and register value accountability, the process must be repeated for each indicia generated according to the present implementations.
Some use scenarios may provide a situation in which a user is in need of or otherwise desires to generate a plurality of indicia in a same session. For example, a user may desire to generate a plurality of postage indicia, such as to provide a supply of postage indicia for some period of time (e.g., a week or month). Such scenarios have not traditionally been the focus of service by the processor-based open systems used in generating IBI. However, as can be appreciated from the foregoing, where such processor-based systems utilizing virtual PSD information as described above can require appreciable time (in computer processing terms) to load/unload the data, decrypt/encrypt the data, update the registers and logs, generate the postage indicia and repeat for each indicia generated. There is currently no solution implemented for reducing the time associated with the repeated loading/unloading data, decrypting/encrypting, updating registers and logs, and generating postage indicia required for generation of each indicia of the plurality of indicia.
Another example of a use scenario which may require appreciable time for generating a plurality of indicia is that of a multiuser postage meter, such as in the case an enterprise postage meter or a centralized postage meter serving a number of clients (e.g., remote retail kiosks, post office point of sale terminals, etc.). In such a scenario, multiple users (e.g., using different client systems) may request postage indicia generation simultaneously or in close temporal proximity. Currently available solutions for providing service to the different users has been to implement a PSD pool (i.e., a plurality of PSDs operable to each independently load virtual PSD information for separately metering and generating postage indicia) at the centralized postage meter. Although such a solution may be effective at reducing delay associated with the generation of multiple postage indicia, the solution is relatively costly and requires maintaining prepaid account balances (i.e., postage meter value balances) with respect to each such virtual PSD.