A number of secure printing systems, which may be used for printing items of value in a secure manner, are known in the art. One example of a secure printing system is a postage metering system. A postage metering system applies evidence of postage, commonly referred to as postal indicium, to an envelope or other mailpiece (directly or on a label to be applied thereto) and accounts for the value of the postage dispensed. Secure printing systems, such as postage metering systems, typically include a processing unit, such as, without limitation, a microprocessor or a microcontroller, that includes internal memory for storing (i) programs to be executed by the processing unit (referred to herein as “internal program memory”), and (ii) state information relating to the items that are to be printed (referred to herein as “internal storage memory”). The stored state information may include, for example and without limitation, information, such as a sequence number, identifying each item that may be printed, and information which indicates whether or not each item that may be printed has in fact been printed. One particular postage metering system includes a secure postage printing device that stores and prints indicia for specific postage denominations that were previously dispensed by an approved postal security device (PSD) associated with a data center. In operation, a user sends a request to purchase postage to the data center in the form of a request for a particular number of indicia for one or more particular postage denominations (e.g., twenty $0.37 indicia and twenty $0.74 indicia). In response, the data center generates an appropriate number of postage data records or tokens (one for each requested indicium) and transmits them to the postage printing device where they are stored until printed, refunded or erased at a refurbishment facility. In such as system, the internal storage memory in the processing unit thereof stores state information for each postage data record or token including a sequence number for the token (typically generated and assigned sequentially when the tokens are created at the data center) and a state of the token, including (i) available for printing, (ii) already printed, (iii) refund pending, and (iv) refunded.
Because secure printing systems are often used for printing items of value, they may often be the subject of attack by attackers who desire to print or reprint items of value without paying for such items. For example, an attacker may try various techniques to use a postage metering system to print or reprint postal indicia, such as those represented by the tokens described above, without paying for the indicia. One such possible attack on a secure printing system includes the following steps: (1) de-solder the processing unit and remove it from the printed circuit board on which it is provided, (2) copy the state information in the internal storage memory (for example, using a PROM programmer) and save it as an image, (3) put the processing unit back onto the printed circuit board, re-solder the connections, and print items of value, such as postage, (4) again de-solder the processing unit and remove it form the printed circuit board, (5) copy the saved image of the internal storage memory back into the processing unit (for example, using a PROM programmer), which will result in the prior states being reloaded, and (6) put the processing unit back onto the printed circuit board and re-solder the connections for normal operation.
One prior art method of detecting and/or preventing such an attack employs a security bit in the processing unit. In particular, when the security bit is flipped (e.g., set to a 1), the internal memory of the processing unit cannot be read by a device such as a PROM programmer. However, frequently such a security bit also prevents execution of code from an external memory device, which make a secure printing system employing the security bit impractical for many secure applications since the code and memory space is therefore limited. Another prior art method of detecting and/or preventing such an attack involves the use of tamper detection circuitry. Such circuitry, however, is costly and therefore may not be a viable option at the lower cost end of the secure printing system market. Thus, there is a need for alternative methods for detecting the removal of a processing unit, such as a microprocessor or a microcontroller, from a printed circuit board in a secure printing system.