1. Technical Field
This invention relates to secure modular postage printing systems, where a secure metering module stores available postal funds for a host printing module.
2. Background Art
Postage metering systems have been developed in a modular arrangement, where a host printing module, also referred to as a mailing machine, includes a printer configured for printing indicia that indicate the value of the postage being applied. The control signals associated with printing the corresponding indicia are generated by a secure metering module, also referred to as a vault, which stores the available postal funds for the value printing system.
An important consideration in an electronic postal mailing system is that the postal funds within the secure metering module (i.e., the vault) are secure, where the host printing module prints postage indicia on a mail piece, and where the accounting registers within the secure metering module accurately reflect the available postal funds relative to the printing of the postage indicia by the printing module. Postal authorities generally require the accounting information to be stored within the postage meter and to be held in a secure manner, such that any postal mailing system should include security features to prevent unauthorized and unaccounted for changes in the amounts of postal funds held in the meter. Postal authorities also require that meters be put in service and removed from service in strict compliance with postal requirements for registration and periodic inspection, for example every six months. Hence, the security and inspection requirements by the postal authorities enables the postal authorities to keep reliable records on the usage of the meter, as well as to detect fraud.
The security requirement for the vault has generally required the actual metering module to have a secure physical housing that physically protects the stored postal funds and associated encryption keys, such that postal and accounting information can be accessed to and from the vault only by a secure communication link between the vault and the external host printing module. The vault may also include a tampering detection device designed to detect tampering of the physical or electronic integrity of the fault. If tampering is detected by an unauthorized agency, the vault may self-destruct by deleting the encryption keys, or by deleting the available postal funds from the memory.
The secure nature of the vault creates difficulties when attempting funds recovery, where a user attempts to read a value of the remaining funds stored in the vault from a malfunctioning vault. Typically, a user may attempt to disassemble the secure vault and determine the stored funds using electronic probes to read back electronic signals. However, a tampering detection device within the vault may consider the funds recovery attempt as a tampering attempt, causing the tampering detection system to destroy the electronic memory. Hence, if a vault malfunctions, the stored available postal funds in the vault may be lost, creating substantial expense and inconvenience for the user.