In mail preparation, a mailer prepares a mailpiece or a series of mailpieces for delivery to a recipient by a carrier service such as the United States Postal Service or other postal service or private carrier delivery service. The carrier services, upon receiving or accepting a mailpiece or a series of mailpieces from a mailer, processes the mailpiece to prepare it for physical delivery to the recipient. Part of the carrier service processing includes reading the addresses on the mailpieces, sorting the mailpieces for delivery and determining that carrier service charges have been paid by the mailer.
The mail preparation function has included rating and postage payment. Postage payment systems have been developed employing postage meters, which are mass produced devices for printing a defined unit value for governmental (such as tax stamps, or postage stamp) or private carrier delivery of parcels and envelopes. These postage meter systems involve both prepayment of postal charges by the mailer (prior to postage value imprinting) and post payment of postal charges by the mailer (subsequent to postage value imprinting). Postal charges (or other terms referring to postal) as used herein should be understood to mean charges for either postal tax, or private carrier charges or other value printing, as the case may be.
Postage metering systems have been developed which employ encrypted information on a mailpiece. The postage value for a mailpiece may be encrypted together with other data to generate a digital token. A digital token is encrypted information that authenticates the information imprinted on a mailpiece such as postage value. Examples of postage metering systems which generate and employ digital tokens are described in U.S. Pat. No. 4,757,537 for SYSTEM FOR DETECTING UNACCOUNTED FOR PRINTING IN A VALUE PRINTING SYSTEM, issued Jul. 12, 1988; U.S. Pat. No. 4,831,555 for SECURE POSTAGE APPLYING SYSTEM, issued May 15, 1989; U.S. Pat. No. 4,775,246 for SYSTEM FOR DETECTING UNACCOUNTED FOR PRINTING IN A VALUE PRINTING SYSTEM, issued Oct. 4, 1988; U.S. Pat. No. 4,873,645 for SECURE POSTAGE DISPENSING SYSTEM issued Oct. 10, 1989 and, U.S. Pat. No. 4,725,718 for POSTAGE AND MAILING INFORMATION APPLYING SYSTEMS, issued Feb. 16, 1988. These systems, which may utilize a device termed a Postage Evidencing Device (PED), employ an encryption algorithm which is utilized to encrypt selected information to generate the digital token. The encryption of the information provides security to prevent altering of the printed information in a manner such that any change in a postal revenue block is detectable by appropriate verification procedures.
Encryption systems have also been proposed where accounting for postage payment occurs at a time subsequent to the printing of postage. Systems of this type are disclosed in U.S. Pat. No. 4,796,193 for POSTAGE PAYMENT SYSTEM FOR ACCOUNTING FOR POSTAGE PAYMENT OCCURS AT A TIME SUBSEQUENT TO THE PRINTING OF THE POSTAGE AND EMPLOYING A VISUAL MARKING IMPRINTED ON THE MAILPIECE TO SHOW THAT ACCOUNTING HAS OCCURRED, issued Jan. 3, 1989; U.S. Pat. No. 5,293,319 for POSTAGE METERING SYSTEM, issued Mar. 8, 1994; and, U.S. patent application Ser. No. 882,871, for POSTAGE PAYMENT SYSTEM EMPLOYING ENCRYPTION TECHNIQUES AND ACCOUNTING FOR POSTAGE PAYMENT AT A TIME SUBSEQUENT TO THE PRINTING OF POSTAGE filed Jul. 7, 1986 by Wojciech M. Chrosny and assigned to Pitney Bowes, Inc., or its Canadian Counterpart patent No. 1 301 336.
The advantages of digital (bit-map) printing of the postal and other proofs of payment are well known. The security of such proofs are based on printing pseudo-random (and hence unpredictable for the intruder) information within the indicium. This is done by using modern information security methods such as cryptographic digital signatures or message authentication codes. The integrity of the payment system critically depends on the verification of the proof of payment by the verification authority.
The use of digital tokens (one or several digit truncations of message authentication code computed using a symmetric key cryptographic algorithm) as pseudo random information in the indicium is also well known. The use of single digit tokens is particularly advantageous since it minimizes the amount of information which must be printed in the indicium while providing adequate security protection.
The verification of the indicium containing digital tokens requires entry of the information from the indicium into a verification computing device (also known as a verifier). The verifier executes digital token transformation and compares the printed and computed digital tokens in order to authenticate the indicium, then the verifier checks the integrity of the printed information and ultimately verifies the proof of payment. The mismatch of computed and printed tokens is indicative of the counterfeited indicium. The verifier stores relevant secret cryptographic keys in a tamper resistant and tamper detectable manner.
One potentially undetectable and harmful attack against the digital token indicium which has been noted is the fraudulent misuse of the verifier as an oracle capable of predicting correct digital tokens for any combination of indicia parameters. The attack is particularly effective against one or two digit tokens and rapidly diminish in effectiveness with larger number of digits in the token. The attacker programs a computer to enter valid combinations of input parameters into the verifier. Such combination contains meter ID, date, postage amount, postal code of registration postal office and randomly selected digital token. The combination is valid in the sense that all parameters are properly formatted and the meter ID is taken from the lists of valid meter IDs. The verifier then responds with a "yes" or "no" answer to each valid combination. The attacker records all combinations which produced a "yes" answer and then uses them in printing indicia which will be, in principle, indistinguishable from legitimately paid indicia.
For a single digit token, the attacker on average has to try only five combinations of parameters to arrive at usable "yes" combination due to the uniform distribution of token digit. For the two digit token the average number of trials is 50. Since the digital token transformation based on a strong symmetric cryptographic algorithm such as triple DES takes only, for example, 10 milli seconds to execute, an attacker in a short period of time can obtain information for many fraudulent indicia. Even in a controllable and secure environment, such as a Postal verification facility, it is difficult to maintain continuous observation of potentially multiple verifiers. Since the attack is undetectable on the mailpiece/indicium level and, moreover, can be implemented by unscrupulous verification personnel when appropriate security procedures are not in place and followed. Therefore, it is very desirable to find a method and system for a reliable detection of the fraudulent misuse of the verifier in the oracle mode.