Stemming from the proliferation of use of personal computers (PCs), software has been made commercially available for installation in a PC to frank or print a postage indicium, serving as proof of postage, on an envelope or a label using a conventional printer connected to the PC. In addition, because of the increasing popularity of the Internet, services have been provided to download postage funds through the Internet to a postal security device (PSD) which may be connected to the PC and is used to account for postage dispensation.
To allow printing of postage indicia using a conventional printer, which is typically unsecured, a postal authority, e.g., the United States Postal Service (USPS), promulgated specifications for the PSD to secure the accounting of the postage dispensation, and for the postage indicia to detect possible fraud. For example, these specifications include the “Information-Based Indicia Program (IBIP) Performance Criteria for Information-Based Indicia and Security Architecture for Open IBI Postage Evidencing Systems,” dated Jun. 25, 1999; and “Information-Based Indicia Program (IBIP) Performance Criteria for Information-Based Indicia and Security Architecture for Closed IBI Postage Metering Systems,” Jan. 12, 1999, respectively.
According to such specifications, a postage indicium includes not only a human readable portion including text such as the date of mailing and amount of postage, but also a machine readable portion in the form of a two-dimensional barcode. The machine readable portion contains information concerning, e.g., the mailing date, the postage amount, an identification (ID) of the PSD being used, a mail class, a software ID, etc. To detect possible fraud, such information is cryptographically signed, resulting in a digital signature, also included in the machine readable portion, for authenticating the postage indicium.
In general, a PSD has a secure housing, and within the secure housing are accounting registers and a cryptographic engine. These accounting registers typically include an ascending register and a descending register. As is well known, the ascending register is used to keep track of the amount of postage dispensed. On the other hand, the descending register is used to keep track of the postage fund amount available for postage dispensation. The cryptographic engine generates the aforementioned digital signature resulting from signing the machine readable information to authenticate the postage indicium, in accordance with a well known public key algorithm. One such public key algorithm may be the Digital Signature Algorithm (DSA) described, e.g., in “Digital Signature Standard (DSS),” FIPS PUB 186, May 19, 1994. The engine also carries out cryptographic authentication and signing for communications with an external device such as a remote computer system maintained by a postage franking machine manufacturer or of the postal authority. For example, such communications may be used to set up and maintain the PSD, and to replenish the postage fund by adjusting the value of the descending register in the PSD.