Mechanical postage meters have been used for many years to print postage indicium and other value. Mechanical meters do not have an independent accounting system to account for the postage printed by the meter; nor do they print postage indicia for which duplicate copies can be readily detected. Digital postage meters, capable of interfacing with independent accounting systems and capable of producing indicia with encrypted and/or additional information provide a partial solution to the problem. The digital indicia have been printed with various encrypted information generated from indicia information and address blocks.
U.S. Pat. No. 4,853,865 discloses a mailing system with postage value printing capability which prints the indicia and an address line containing the postage amount, the date and the transaction number. U.S. Pat. No. 4,831,555 discloses a postage applying system which prints an postage amount, customer number and zip code and an encrypted postage amount, customer number and zip code which can be decrypted by a computer at the postal service and used to determine the genuineness of the postage. U.S. Pat. No 5,454,038 discloses an electronic data interchange postage evidencing system which performs address hygiene to obtain correct information, encrypts the address information and prints the encrypted information in the postal indicia. U.S. Pat. Nos. 4,725,718 and 4,743,747 disclose postage mailing and information applying systems which apply address information and encrypted information containing the mail piece zip code. The system provides a connection between the zip code, the mail piece and the encrypted message. The encrypted information can be decrypted by a computer system so that the genuiness of the postage can be determined. The above systems, while providing methods of creating unique postage indicia, do not provide a method for creating a postage indicium unique to the mail piece, virtually unduplicatable and which can be verified by a person such as a postal worker with or without the assistance of a computer. Another example of where address information has been used has been used is disclosed in U.S. Pat. No. 5,835,605 issued Nov. 10, 1998 for a method of mapping destination addresses for use in calculating digital tokens (attorney docket number E-417), the entire disclosure which is incorporated by reference.
Digital postal indicium produced by digital postage meters should evidence that postage for a given mail piece has been paid. Therefore, it is desirable that the digital postal indicia satisfy the following requirements: (1) information printed in the indicium be linked to payment; (2) each digital indicium be unique; and (3) each digital indicium be linked with the mail piece for which it provides evidence of payment. Additionally, the indicium verification process should be simple and effective, i.e. completely automated or a simple manual process performed by mail carriers handling the mail for delivery.
The first requirement, that the information printed in the indicium be linked to payment, is typically satisfied by using cryptographic techniques. A technique for linking payment and indicium employs the computation and printing of the indicium containing a pseudo-random information or digital token. The computation can be performed by a device containing a secret key. This secret key serves as an input to an algorithm producing a Message Authentication Code (MAC) or a digital signature. Encryption may be based upon any recognized code, for example, encrypt may be in accordance with the NBS Data Encryption Standard (DES) pursuant to a preset secure key. Each access to the secret key results in accounting action, e.g. subtraction of the postage from a postage register holding postal money.
The second requirement, that each digital indicium be unique, is necessary in order to provide a detection mechanism for unauthorized duplication of the indicium. This requirement is satisfied by printing unique identification on each mail piece.
The third requirement, that digital indicium be linked with the mail piece for which it provides evidence of payment, is desirable in order to simplify the detection of reused or duplicate indicia. In particular, it is very desirable to achieve the verification of the indicium without access to external sources of information, such as data bases of already used and verified indicia. This requirement considerably simplifies means for satisfying the last requirement, that the indicium verification process be simple and effective.
The linkage between the mail piece and the indicium should include data unique to a mail piece as an input to a cryptographic transformation which generates, as in the preferred embodiment, digital tokens. Analysis of data present on the mail pieces reveals that there is only one candidate for providing such unique data as an input for the cryptographic transformation, namely the destination address. By incorporating the destination address and date into the MAC or digital signature, the possibility of copying an issued (and paid) digital postal indicium on another mail piece is effectively eliminated with the exception of a mail piece destined to exactly the same address on the same day. This last modality of fraud is not considered to be a serious problem since it provides very little economic benefit to the perpetrator. Thus, it is desirable to integrate the destination address into digital tokens printed in the postal indicium.
The process of producing digital tokens by postage evidencing devices is well known and is described in U.S. Pat. No. 4,757,537 for SYSTEM FOR DETECTING UNACCOUNTED PRINTING IN A VALUE PRINTING SYSTEM; U.S. Pat. No. 4,831,555 for UNSECURED POSTAGE APPLYING SYSTEM; U.S. Pat. No. 4,775,246 for SYSTEM FOR DETECTING UNACCOUNTED FOR PRINTING IN A VALUE PRINTING SYSTEM; and, U.S. Pat. No. 4,873,645 for SECURE POSTAGE DISPENSING SYSTEM; AND U.S. Pat. No. 4,725,718 for POSTAGE AND MAILING INFORMATION APPLYING SYSTEM. The entire disclosure of these patents is hereby incorporated by reference.
Several difficulties are associated with incorporating destination address information into indicia, including: 1) address information and its presentation format should be standardized in such a way that verification process could produce, based upon the address present on the mail piece, the address input data exactly identical to the address input data which was used during indicium generation process by the postage evidencing device; and 2) this standardization should be international and suitable for any address in order to accommodate international mail and other type of mail which does not have numeric or alphanumeric postal codes. These requirements persist even if the address information printed within the indicium is in a machine readable format such as, for example, a two dimensional bar code.
The root of the difficulties in incorporating address information lies in the fact that the postage evidencing device computes indicium information, including digital tokens, from a computerized file of input data, while a verification process must compute digital tokens from the data scanned (or otherwise obtained) from the mail piece where this data exists in the form of optical images. The process of interpreting optical images in order to obtain a computerized file is notoriously error prone and the probability of error grows fast with the amount of information contained in the optical image. Additionally, cryptographic verification fails in the presence of even a single interpretation error. Thus, the cryptographic verification is unforgiving and not error tolerant. In the United States, the United States Postal Service (USPS) has defined an eleven digit Destination Point Delivery Code (DPDC) uniquely indicative of the destination address. The DPDC, when present on the mail piece and known to the postage evidencing device, can serve as the required input to the digital token transformation. Obtaining the DPDC requires access to, or possession of, a huge databases that must be updated on a frequent basis. The database updates pose a very significant financial burden for mailers. Additionally, in the United States, the DPDC is not defined for approximately 20% of addresses and an equivalent to the United States' DPDC does not exists in a vast majority of other countries including major countries of the industrial world. Thus, the utility of the DPDC for the purpose of cryptographic detection of copied indicia is considerably reduced. In summary, the DPDC does not always offer a practical and acceptable solution to achieving the goal of linking digital indicium to the mail piece.