The present invention relates generally to postage metering systems, and more particularly to a method, apparatus, and code for maintaining secure postage data.
A postage meter allows a user to print postage or other indicia of value on envelopes or other media. The postage meter can be leased or rented from a commercial group (e.g., Neopost). Conventionally, the user purchases a particular amount of value beforehand and the meter is programmed with this amount. Subsequently, the user is allowed to print postage up to the programmed amount. Some modern postage meters allow the user to purchase additional amounts via a communications link (e.g., a telephone modem or the Internet).
Because a postage meter is capable of printing postage having a value, security is critical to prevent unauthorized use. The meter typically includes a print mechanism and electronic control circuitry that directs the operation of the print mechanism. The control circuitry (and possibly the print mechanism) are typically enclosed in a secure housing that prevents tampering with the meter and unauthorized access by anyone except for authorized factory technicians. The meter can include sensors that detect tampering with the meter and flag such condition. Examples of secure postage meters are disclosed in U.S. Pat. No. 4,742,469, entitled xe2x80x9cElectronic Meter Circuitry,xe2x80x9d issued May 3, 1988, U.S. Pat. No. 4,484,307, entitled xe2x80x9cElectronic Postage Meter Having Improved Security and Fault Tolerance Features,xe2x80x9d issued Nov. 20, 1984, and the aforementioned U.S. Pat. No. 6,424,954, all three assigned to the assignee of the present invention and incorporated herein by reference.
With the advent of electronic control circuitry, meter security is typically provided by digital signature, encryption, and other techniques. These techniques allow for electronic detection of meter tampering, e.g., attempts to modify the normal operation of the accounting registers used to store value.
Another technique for providing security is through the use of a smart card or cartridge. The smart card couples to the associated system and stores important data (e.g., security data) that enables the operation of the system to which it couples. For example, the smart card can contain secret pass codes, encryption keys, authorization codes, and so on. The smart card can be modified or replaced, as necessary, if its integrity is suspected.
Smart cards are used in some applications where security frauds are encountered. For example, U.S. Pat. No. 5,740,232 discloses a smart card based system for telephone-securized transactions. Also, U.S. Pat. No. 5,757,909 discloses the use of a smart card to prevent illegal users from viewing and copying a digital video stream.
Conventionally, automatic security arrangements for smart card based systems operate by resetting bits on the smart card to a particular value (e.g., zero). The reset prevents unauthorized operation with the smart card, which is desired. Unfortunately, the reset also destroys valuable data on the card. In applications in which the data is financial data (e.g., a postage revenue credit), this reset can be equivalent to a loss of cash.
The invention provides method, apparatus, and code that provide security for a postage metering system but maintain (or retain) secure postage data stored therein. The invention is especially suited for a postage metering system that includes a security module coupled to a postage meter. In an embodiment, a security routine is executed upon occurrence of one or more defined events. Execution of the security routine inhibits certain transactions between the security module and that meter but maintains (or retains) the secure postage data stored in the security module.
An embodiment of the invention provides a postage metering system that includes a security module operatively coupled to a meter. The meter is configurable to perform a set of metering operations. The security module executes a set of transactions with the meter, and includes a processor and a memory. The processor executes a security routine upon occurrence of one or more defined events. The memory stores secure postage data. When the security routine is executed, selected ones of transactions between the meter and security module are inhibited, but the secure postage data stored within the security module is retained. The security module can also store security data (e.g., encryption keys) that are erased when the security routine is executed. The security module can (and typically does) include additional circuitry that supports the security process (e.g., a timer, sensors, and so on).
The security routine can be initiated upon: (1) failure to receive an authorization signal by the security module within a particular time-out period, (2) detection of tampering with the security module, (3) receipt of a (shut-down) command from the meter, or other events.
Another embodiment of the invention provides a method for executing a security routine within a postage metering system that includes a security module coupled to a meter. In accordance with the method, occurrence of one or more defined events within the postage metering system is detected. The security routine is then initiated upon the detected occurrence of the one or more events. Upon execution of the security routine, selected ones of transactions between the meter and the security module are inhibited and secure postage data stored within a memory in the security module is retained.
Again, the security routine can be initiated if an authorization signal is not received within a time-out period or if tampering with the security module is detected. A count indicative of a time period since a last receipt of the authorization signal can be maintained, and this count can be reset if the authorization signal is received within the time-out period.
The invention also provides computer-implemented program products that implement the method described above.
The foregoing, together with other aspects of this invention, will become more apparent when referring to the following specification, claims, and accompanying drawings.