Various systems have been in use for a number of years which allow individuals and businesses (collectively users) to generate and print postage indicia using personal computers and similar processor-based systems. For example, U.S. Pat. No. 5,822,730 entitled “System and Method for Remote Postage Metering,” the disclosure of which is incorporated herein by reference, describes a postage metering system in which processor-based systems communicate with a remote postage metering system in order to obtain and print desired postage indicia. U.S. Pat. No. 6,868,406 entitled “Auditing Method and System for an On-Line Value-Bearing Item Printing System,” the disclosure of which is incorporated herein by reference, describes an on-line postage indicia printing system that includes cryptographic modules and a central database used to print desired postage indicia.
Although a number of different user entities may utilize the same remote postage metering system to print postage indicia, each such user entity accesses their individual postage meter account. For example, each user entity (any of all of which may include a plurality of users) may utilize their individual user account having a postage security device (PSD) associated therewith and storing postage meter value for use in generating and printing postage indicia. Such PSDs provide secure storage of an associated user entity's postage meter value for use in metering postage indicia. Accordingly, the PSDs may comprise a processor, cryptographic algorithms, secure memory, tamper proof housing, etc.
The PSDs for the different user entities may be virtualized, such as through the use of a crypto-card or similar secure hardware and a plurality of vault files, whereby loading a particular user entity's vault file into the crypto-card configures the crypto-card as that user entity's PSD. The vault files may be protected when stored external to the crypto-card using cryptographic or other techniques (e.g., the contents of a user entity's PSD data may be encrypted as a vault file until loaded into an appropriate crypto-card for operation as the user entity's PSD). Accordingly, the physical requirements for PSDs to serve a number of user entities by a remote postage metering system can be reduced while still providing the requisite number of individual user accounts having a virtual PSD associated therewith. Embodiments of remote postage metering systems implementing such virtualized PSDs are shown in U.S. Pat. No. 6,889,214 entitled “Virtual Security Device,” the disclosure of which is incorporated herein by reference.
Irrespective of whether individual PSDs or virtualized PSDs are implemented, the PSDs and the use thereof involves operation to protect the postage meter value. Specifically, the PSD proscribes security protocols for protecting the postage meter value and deterring fraud because the postage meter value is evidence of monetary value (e.g., essentially cash value). For example, the PSD may store multiple registers, such as an ascending register (e.g., storing the total amount of postage indicia value passed through the PSD), a descending register (e.g., storing the current postage meter value), and a strike counter (e.g., storing the total number of postage indicia created using the PSD) used to provide fraud prevention/detection. Additionally, the PSD may implement cryptographic protocols when storing postage meter value and/or other information to obscure the data and provide fraud prevention. Protocols implemented by the PSD control the incrementing and decrementing of the postage meter value, updating of various registers, etc.
Additionally, various proscriptions on the handling, storage, and use of the postage meter value and other PSD data may be mandated by an associated entity. For example, in the postage industry there is a complicated set of encryption protocols, digital signatures, and authentication codes that support the ability to protect the integrity of the PSD data and provide proof to a postal service (the United States Postal Service (USPS)) the postage meter value has not been tampered with. Accordingly, where the postage meter value comprises value usable in a postal service such as the USPS, the postal service may mandate procedures for handling meter value, vault files, etc. In particular, only one amount of value is represented by potentially numerous copies of the PSD data (e.g., vault file), which may be accidentally or fraudulently used to evidence value in excess of the one true amount of value (e.g., the total of the value of each such copy of PSD data). Therefore, postal service procedures may restrict the transmission of the data, the duplication of the data, etc.
The users of postage metering systems often rely upon the postage metering service in conducting business operations and/or personal affairs. In particular, users of remote postage metering systems operable to generate and print postage indicia through personal computers and similar processor-based systems often utilize such systems to generate and print postage indicia on demand, as needed. Accordingly, a high level of availability with respect to the postage metering service is demanded by the users.
Providing fault tolerant redundancy with respect to postage meter value is problematic for a number of reasons. For example, if an alternate remote postage metering system site were established to mirror a primary remote postage metering system site a significant amount of data may need to be exchanged (e.g., updated vault files for each PSD for which a transaction has occurred). The need to transmit voluminous data may prove problematic both to generate (e.g., creating copies of individual vault files) and transmit in real-time without providing significant resources, particularly in light of the processing loads often placed on the postage metering system in serving the user demands for postage indicia. Moreover, the procedures mandated by an associated entity (e.g., postal service) may proscribe or otherwise restrict particular activities implemented in such a mirroring technique, such as by preventing the duplication (e.g., copying) of postage meter value, the transmission of postage meter value via public network, etc. Such restrictions may not only be problematic in establishing mirrored fault tolerant redundancy, but may prevent practicable implementations of such techniques.
Even if difficulties associated with providing the resources needed to provide the data mirroring and restrictions on the activities implemented with respect to postage meter value and/or other PSD data were to be overcome, further issues would be experienced with respect to the use of a primary remote postage metering system site PSD and its corresponding alternate postage metering system site PSD. For example, where the alternate site PSD were used to generate postage indicia, decrementing a copy of the postage meter value stored thereby, while the primary site is inoperable, there remains the issue of reconciling the alternate site PSD and the primary site PSD when the primary site is again operable. Each such PSD is storing data to be treated as evidence of value, yet only one amount of value is actually represented by the postage meter value stored by these two devices. Any reconciliation of the postage value between these devices must be carefully undertaken to assure that value is not erroneously lost or added. Currently there is no procedure for reconciling postage meter value stored by a primary site PSD and an alternate site PSD.