Postage metering systems are well known in the art. A postage metering system applies evidence of postage, commonly referred to as postal indicia, to an envelope or other mailpiece and accounts for the value of the postage dispensed.
Presently, there are two postage metering system types: closed systems and open systems. In a closed system, the system functionality is solely dedicated to postage metering activity. Examples of closed metering systems include conventional digital and analog (mechanical and electronic) postage meters wherein a dedicated printer is securely coupled to a metering or accounting function. In a closed system, since the printer is securely coupled and dedicated to the meter, printing evidence of postage cannot take place without accounting for the evidence of postage. In an open system, the printer is not dedicated to the metering activity, freeing system functionality for multiple and diverse uses in addition to the metering activity. Examples of open metering systems include personal computer (PC) based devices with single/multi-tasking operating systems, multi-user applications and digital printers. An open system metering device is a postage evidencing device with a non-dedicated printer that is not securely coupled to a secure accounting module. Open system indicia printed by the non-dedicated printer are made secure by including addressee information in the encrypted evidence of postage printed on the mailpiece for subsequent verification.
Conventional analog closed system postage meters (both mechanical and electronic) have heretofore physically secured the link between printing and accounting. The integrity of the physical meter box has been monitored by periodic inspections of the meters. Digital closed system postage meters typically include a dedicated digital printer coupled to a metering (accounting) device, which is referred to herein as a postal security device (PSD). Digital printing postage meters have removed the need for the physical inspection that was required with analog systems by cryptographically securing the link between the accounting and printing mechanisms. In essence, digital printing postage meters create a secure point to point communication link between the accounting unit and printhead.
In such digital closed systems, the dedicated printer and PSD may be located in the same device and/or at the same location when placed in operation. Alternatively, the dedicated printer may be located in a first location (i.e., the local location where indicia are to be printed), and the PSD may be located in a remote location, such as a provider's data center. In the latter situation, it is still necessary for the dedicated printer to be a secure device having cryptographic capabilities so that postage printing information, such as an indicia, received from the PSD, and the PSD itself, can be authenticated. As used herein, the term “postage printing device” shall refer to: (i) a PSD that forms a part of a closed system; (ii) a closed system device that includes a PSD and one or more other components, such as a printer; and (iii) a secure dedicated printer that forms part of a closed system, such as a system where the PSD is located at a remote location.
Currently, secret key cryptography techniques are used to secure new postage printing devices between the time that they are manufactured and the time they are registered and initialized or parameterized for operation at a location such as the office or home of the user. Specifically, secret key cryptography is used to lock postage printing devices after they are manufactured and before they are transported to the parameterization location and to unlock postage printing devices once they have securely reached the parameterization location. The secret keys that are used in this process are derived from a master key that must be known to both the party manufacturing the postage printing device and the party initializing the postage printing device for operation. Any compromise of the master key could compromise the security of all of the postage printing devices that are manufactured. It is therefore necessary to maintain strict control over the master key to prevent such compromise. This is more easily accomplished if the provider of the postage printing devices both manufactures the devices and initializes the devices for operation. However, due to cost concerns, manufacturing is now frequently done by parties other than the provider at locations remote and separate from the provider. Use of the conventional secret key method in this situation presents significant security risks, as each manufacturing facility must have knowledge of the master key. A business model of having all of the devices manufactured by third parties (without any key information) first shipped to the provider for the loading of cryptographic key information before shipping them to the consumer is cost prohibitive. Thus, a system and method for securely manufacturing postage printing devices at a third party location and shipping the devices to a parameterization location prior to being placed into service is needed.