1. Field of the Invention
The present invention is directed to a security module which allows signaling of a status of the security module particularly a postal security module suitable for use in a postage meter machine or mail processing machine or a computer with mail-processing function.
2. Description of the Prior Art
Modern franking machines or other devices for franking postal matter are equipped with a printer for printing a postage value stamp (imprint) on a postal item, with a control unit for controlling the printing and the peripheral components of the postage meter machine, an accounting unit for debiting postage fees that are maintained in non-volatile memories, and a unit for encrypting postage fee data. The accounting unit and/or the encrypting unit can be realized in a component known as a security module (European Application 789 333).
The processor of the security module is, for example, an OTP (one-time programmable) processor that stores sensitive data such as cryptographic keys in a manner that is protected against readout. Encapsulation by a security housing offers further protection.
Security modules are likewise known from other electronic data processing systems and are equipped with means for protection against break-in into their electronics (European Patent 417 447).
Further measures for protecting a security module against tampering with the data stored therein are described in German Applications 198 16 572.2 and 198 16 571.4. Power consumption is increased in these devices due to the use of a number of sensors, and a security module that is not constantly supplied by a system voltage then draws the current required for the sensors from its internal battery, which prematurely drains the battery. The capacity of the battery and the power consumption thus limit the service life of such a security module.
Security modules for postage meter machines can be realized as multi-chip modules or as single-chip systems (for example, chip cards). Structurally, they are either rigidly connected to the postage meter machine or are pluggable. A pluggable security module that can assume various statuses in its life cycle. One must thereby detect whether the security module contains valid cryptographic keys. Further, it is also important to distinguish whether the security module is functioning or is defective. It is disadvantageous if a suitable xe2x80x9cstatus reading devicexe2x80x9d, for example a postage meter machine or some other device, must be present for this purpose. Under certain circumstances, such a device can be tampered with to generate a manipulated, incorrect status signaling. Existing security modules for postage meter machines have their own optical or acoustic signal means. They can only indirectly output their status, for example via beepers or the display elements of a postage meter machine. The status display can be automatically called when starting the system or can be interactively called by the user of the postage meter machine when the security in the signaling of a status can be guaranteed.
An object of the present invention is to provide a pluggable security module which has a long service life and which and dependably signals the module status.
The above object is achieved in accordance with the present invention in a security module having functional units which are interconnected with each other and which are covered by a casting compound, with the casting compound surrounding at least a part of the printed circuit board to which the functional units are connected, and wherein an optical or an acoustical signal element is connected to one of the functional units for signaling a status of the security module.
The circuit with the processor of the security module that contains sensitive data protected against readout and further functional units are protected only by a casting compound. The motherboard of a meter or of a comparable control means is therefore surrounded with a security housing that may be additionally sealed. The security module is potted with a hard compound. For changing batteries and for allowing disposal of the security module in an environmentally safe manner, the battery is arranged outside the casting compound. The battery can be easily replaced by a service technician given a plugged-in security module that is supplied by a system voltage at the time of service.
It is advantageous in the inventive security module to automatically optically (or acoustically) signals the status when the operating voltage is applied. It is thereby possible and adequate as well for the module to make only a rough distinction of the current status on the basis of its own signal means. The exact type and number of module statuses is dependent on the functions realized in the module and on the implementation.
The security module for a postage meter machine assumes the function accounting for the postage fees and/or the function of cryptographic protection of the postage fee data. The inventive security module has a separate signal element or a display unit that, with direct drive by the security module, identifies the current condition of the security module, the module condition being modified when the security module is switched into the unplugged condition and/or when the battery voltage drops below a predetermined threshold, in which case the security module may be supplied with system voltage. The signaling of the module status is activated only when the security module is supplied with system voltage. The signal element is mounted in that region of a printed circuit board of the security module where the surrounding security housing has a viewing window or an opening for signaling the module status. The signal element can be a display unit, and can be a light-emitting diode (LED) in the simplest case. It can project through the casting material. Alternatively or additionally, a number of LEDs or multi-colored LEDs or a liquid crystal display (LCD) or similar signal elements can be used, these being arranged at a part of the printed circuit board that is free of casting material.