Metering systems, such as postage metering systems, have been developed which employ cryptographically secured information that is printed on a mailpiece as part of an indicium evidencing postage payment. The indicium includes a postage value for the mailpiece, along with other postal data that relates to the mailpiece and the postage meter printing the indicium. The indicium includes cryptographically secured information that authenticates and protects the integrity of the information, including the postage value, imprinted on the mailpiece for later verification of postage payment. Since the indicium incorporates cryptographically secured information relating to the evidencing of postage payment, altering the printed information in an indicium is detectable by standard verification procedures.
Presently, postage metering systems are recognized as either closed or open system devices. In a closed system device, the printer functionality is solely dedicated to metering activity. Examples of closed system metering devices include conventional digital and analog postage meters wherein a dedicated printer is securely coupled to a metering or accounting function device. In conventional closed system mechanical and electronic postage meters, a secure link is required between printing and accounting functions such that printing will not occur without accounting for the postage value being dispensed. For older postage meters configured with printing and accounting functions performed in a single, secure box, the integrity of the secure box is monitored by periodic inspections of the meters. More recently, digital printing postage meters, which typically include a digital printer coupled to a postal security device (PSD), have removed the need for physical inspection by cryptographically securing the link between the accounting and printing mechanisms. In essence, new digital printing postage meters create a secure point-to-point communication link between the PSD and print head. This link must be protected to deter an attacker from fraudulently driving the print head and printing indicia for which payment has not actually been accounted for by the PSD. Typically, there are three main attacks that must be protected against: (i) an attacker disconnecting the PSD and directly driving the print head, (ii) an attacker recording the data communicated to the print head by the PSD and replaying the data to the same or another printer at a later time, and (iii) an attacker recording data communicated to the print head from the PSD and replaying it simultaneously to another print head, also known as parallel printing.
One known technique for protecting the link between the PSD and print head entails cryptographically securing the data utilizing a Linear Feedback Shift Register (LFSR)-based stream encryption, such as described in U.S. Pat. Nos. 5,293,465 and 7,039,185. In systems such as described in the aforementioned patents, the output data from the accounting unit (which typically consists of image data for an indicium generated by the PSD) is encrypted by logically combining the image data with a pseudo-random pattern generated by an LFSR. The print head includes a similar LFSR that generates an identical pseudo-random pattern, which is utilized to decrypt the image data from the accounting unit and enable printing. While such systems generally work well, there are some drawbacks. For example, since the image data on the link appears in encrypted form, troubleshooting of the link is very difficult to perform in the event of a malfunction. In addition, such systems provide a very low level of security, as LFSRs have several known weaknesses. An attacker, by observing the encrypted data and the printed image, can recover the secret state of the LFSRs without major effort. This enables an attacker to construct counterfeit images that appear valid and can be fed directly to the print head. Furthermore, should the LFSRs in the accounting unit and print head become unsynchronized because of an error or malfunction, the print head and accounting unit have no way of knowing that they are out of synchronization with each other. The PSD in the accounting unit will continue to generate indicia and send the encrypted image data to the print head. The print head will continue to decrypt the image data, but because the LFSRs are not synchronized, such decryption will not result in the original image data being recovered. The print head will still print the improperly decrypted, and therefore useless, indicia images.
The printing of the image, even though not properly decrypted, will still result in the accounting for the postage funds to occur. Such operation of printing useless images while still accounting for the postage funds will continue until either the postage meter is stopped manually or a new session is initiated between the PSD and print head to allow them to synchronize with each other. This results in wasted paper, ink and postage funds.
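The following is an added toy model of the LFSR-keyed PSD-to-print-head link described above; it is illustrative code written for this page, not code from the cited patents or from any metering product. It models both drawbacks the text names: under the linear keystream, one known image reveals the register's secret state (here, with the keystream packed least-significant bit first, the first two keystream bytes are literally the 16-bit initial state), and a print-head register that has slipped by even one clock tick decrypts to garbage that the print head has no way to recognize, while the PSD has already deducted the postage. The 16-bit feedback polynomial, the seed value, the sample image bytes and the class and function names (`Lfsr`, `Psd`, `PrintHead`, `run_link`, `recover_lfsr_state`) are all constructed for the example.

```python
# Added example, not part of the patent text: a toy LFSR-keyed PSD -> print-head
# link. Every value below (polynomial, seed, image bytes) is constructed.

WIDTH = 16


class Lfsr:
    """16-bit Fibonacci LFSR for x^16 + x^14 + x^13 + x^11 + 1 (maximal length).

    The low bit is the output; the feedback bit is shifted in at the top.
    A zero state is rejected because it would never change and the keystream
    would be all zeros, i.e. the image would go over the link in the clear.
    """

    def __init__(self, state: int) -> None:
        if not 0 < state < (1 << WIDTH):
            raise ValueError("state must be a non-zero 16-bit value")
        self.state = state

    def step(self) -> int:
        out = self.state & 1
        fb = (self.state ^ (self.state >> 2) ^ (self.state >> 3) ^ (self.state >> 5)) & 1
        self.state = (self.state >> 1) | (fb << (WIDTH - 1))
        return out

    def keystream(self, nbytes: int) -> bytes:
        # Pack eight successive output bits per byte, least-significant bit first.
        return bytes(sum(self.step() << i for i in range(8)) for _ in range(nbytes))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Psd:
    """Accounting side: deducts postage, then emits the LFSR-encrypted image."""

    def __init__(self, seed: int, funds_cents: int) -> None:
        self.lfsr = Lfsr(seed)
        self.funds_cents = funds_cents

    def send_indicium(self, image: bytes, postage_cents: int) -> bytes:
        # Funds are accounted for before the image leaves the PSD, so they are
        # spent whether or not the print head can make sense of the data.
        if postage_cents > self.funds_cents:
            raise RuntimeError("insufficient funds")
        self.funds_cents -= postage_cents
        return xor_bytes(image, self.lfsr.keystream(len(image)))


class PrintHead:
    """Printing side: runs the same LFSR and prints whatever it decrypts."""

    def __init__(self, seed: int) -> None:
        self.lfsr = Lfsr(seed)

    def print_indicium(self, ciphertext: bytes) -> bytes:
        # The scheme carries no integrity check, so a desynchronised register
        # yields garbage that is printed anyway.
        return xor_bytes(ciphertext, self.lfsr.keystream(len(ciphertext)))


def recover_lfsr_state(known_image: bytes, ciphertext: bytes) -> int:
    """Known plaintext XOR ciphertext is the keystream; with LSB-first packing
    the first two keystream bytes are the register's initial state itself."""
    ks = xor_bytes(known_image, ciphertext)
    return ks[0] | (ks[1] << 8)


def run_link(image: bytes, seed: int, postage_cents: int, slipped_bits: int = 0):
    """Send one indicium across the link. `slipped_bits` models the print
    head's LFSR having drifted ahead of the PSD's by that many clock ticks.
    Returns (image recovered?, PSD funds left in cents, bytes printed)."""
    psd = Psd(seed, funds_cents=1000)
    head = PrintHead(seed)
    for _ in range(slipped_bits):
        head.lfsr.step()
    printed = head.print_indicium(psd.send_indicium(image, postage_cents))
    return printed == image, psd.funds_cents, printed


IMAGE = b"TOY INDICIUM $00.55 2024-01-01 METER#0000"  # constructed sample image
SEED = 0xACE1                                          # constructed seed

if __name__ == "__main__":
    ok, funds, _ = run_link(IMAGE, SEED, 55)
    print("in sync:    image recovered =", ok, " funds left =", funds)
    ok, funds, _ = run_link(IMAGE, SEED, 55, slipped_bits=1)
    print("1-bit slip: image recovered =", ok, " funds left =", funds)
    c = Psd(SEED, 1000).send_indicium(IMAGE, 55)
    print("state recovered from one known indicium:", hex(recover_lfsr_state(IMAGE, c)))
```

Two things to notice when running it: the funds figure is identical in the synchronized and slipped runs, which is exactly the "useless images, still accounted for" outcome the text describes, and the state recovery needs only one image whose plaintext is known, which an indicium is by design, since the printed image itself is the plaintext. Neither side in this model can detect the slip because XOR with a keystream provides confidentiality only, not integrity or synchronization.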