1. Field of the Invention
The invention relates to a method for verifying the authenticity of a postage indicium generated using a franking key and applied onto a mailpiece, whereby cryptographic information contained in the postage indicium is decrypted and used for verifying the authenticity of the postage indicium.
2. Related Technology
It is a known procedure to provide mailpieces with digital postage indicia.
In order to make it easier for the senders of the mailpieces to produce postage indicia, it is possible, for example, with the franking system used by the Deutsche Post AG, to produce postage indicia in a customer system and to output them on a printer via any desired interface.
A method of this generic type is disclosed in DE 100 20 402 A1.
In order to avoid fraudulent use of this method, the digital postage indicia contain cryptographic information, for example, about the identity of the customer system controlling the production of the postage indicium.
International Patent Publication WO 01/17160 A1 relates to a method for the distribution of keys in which keys are generated by a central management unit and are transmitted in encrypted form by a distribution unit to encryption devices. These devices send a message about the successful or failed receipt of a key via the distribution unit to the management unit. If it was not possible to receive the key successfully, it is once again transmitted in unencrypted form to the appertaining encryption device.
EP 0 854 444 A2 discloses a method for encrypting and checking postage indicia that are produced with a franking machine. Here, additional keys are derived from a master key implemented in the franking machine and they are used for producing postage indicia. In a mail center, the additional keys are likewise generated and used for checking the postage indicia.
U.S. Pat. No. 5,150,408 discloses a method for key distribution in a communication system such as, for example, a wireless network, in which an encrypted message is transmitted to a communication device by a key distribution unit. After this message has been received, the communication device sends a confirmation to the key distribution unit.
The known standard ANSI X9.17 for the transmission of encrypted data (see URL http://csrc.nist.gov/publications/nistpubs/800-7/node209.html dated Oct. 7, 1994) is based on a key hierarchy of several keys. Here, at least one data key exists for encrypting data having a short lifetime, which is exchanged electronically and in encrypted form between communication partners as well as a key for encrypting the data key, which is exchanged manually. Moreover, the cited document describes the known Diffie-Hellmann method for encrypting data in which the communication partners compute a shared key from known numbers and from a secret random number.
EP 0 735 722 A2 describes a key management system for generating, distributing and managing keys for franking machines. Here, there are several secure areas that are connected to computers that allow communication among the areas as well as control of the areas. The generation of keys, their installation and their verification and confirmation are each carried out in one of the secure areas. Each area is associated with an archive in which the status of the area is protocolled.