The subject invention relates to secure printing of images such as postal indicia. More particularly it relates to printing images in such a manner that printer control signal cannot easily be replicated and used to print images without accounting for them.
Recently a new way of franking mailpieces to evidence payment has been developed and introduced by the assignee of the subject invention in accordance with the Information Based Indicia Program (IBIP) of the U.S. Postal Service. Unlike previous forms of proof of payment such as stamps and postage meter indicia, IBIP indicia do not rely on details of the printing process to provide security but instead incorporate encrypted information unique to each indicium which cannot be produced without knowledge of secret cryptographic keys. IBIP indicia have many advantages. For example, the information incorporated into the indicia not only provides security against counterfeit indicia, but allows the Postal Service to more closely track its operations and the needs of its customers. A particular advantage of IBIP and similar indicia is that, because they do not rely upon particular details of the printing process for security, mailers can print indicia themselves with a conventional digital printer.
However in the case of closed system postage meters, or franking machines, this advantage is not fully realized since the IBIP, as well as other International Postal Standards, require that the printer of a closed system meter be dedicated to printing postal indicia or other meter related information so that the printer cannot be used by a system attacker to print postal indicia that are not accounted for by the meter. Typically this is done by the attacker recording, or otherwise recreating, printer control data communicated to the printer, then using the data to drive the system printer after it is disconnected from the system, or to drive a similar printer.
In the past protection from such attacks has been accomplished by either physically or cryptographically securing the link between the printer and the meter accounting unit (hereinafter sometimes the Postal Security Device or PSD). Physical protection of the link is difficult to achieve, particularly for mutipass printers in which the printhead moves. Cryptographic protection requires encryption of the data; using techniques such as encrypting the printer control data, digitally signing the data, or using message authentication codes. (Note that cryptographic protection of the printer control data is distinct from and in addition to any encryption of postal data which is printed as part of the indicia.)
Thus cryptographic protection requires provision of expensive cryptographic hardware, or time consuming cryptographic software, or some combination thereof at both ends of the PSD/printer link; while physical protection is, as noted, both difficult and expensive. As a result standard off-the-shelf components cannot be used without significant modification.
Thus it is an object of the subject invention to provide a method and system for printing images such as postal indicia where printer control signals used to drive a printhead cannot be easily copied or recreated and which can be implemented using standard printer components without significant modification.
The above object is achieved and the disadvantages of the prior art are overcome in accordance with the subject invention by a method and system for forming a sequence of graphic data blocks, the sequence forming a bitmap representative of the image; then randomly reordering the blocks to form a new sequence; and sequentially positioning a printhead and printing the blocks in the new sequence, the printhead being positioned and the blocks being printed so as to print the image without substantial distortion.
In accordance with one aspect of the subject invention the blocks are printed in varying directions.
In accordance with another aspect of the subject invention the printhead moves are varying rates of travel and prints at proportional rates as the blocks are printed so as to print the image without substantial distortion.
In accordance with another aspect of the subject invention the printhead returns to a home position after printing the image.
In accordance with still another aspect of the present invention the system includes a motor responsive to a programmable controller and mechanically coupled to the printhead for positioning the printhead and the programmable controller and the motor are enclosed in a secure housing so that no signals for controlling the motor are available outside of the housing.
Other objects and advantages of the subject invention will be apparent to those skilled in the art from consideration of the detailed description set forth below and the attached drawings.