Data processing: financial – business practice – management – or co – Business processing using cryptography – Postage metering system
Reexamination Certificate
1998-12-24
2002-11-12
Thomas, Joseph (Department: 3626)
Data processing: financial, business practice, management, or co
Business processing using cryptography
Postage metering system
C705S401000, C705S405000
Reexamination Certificate
active
06480831
ABSTRACT:
FIELD OF THE INVENTION
The instant invention relates to value metering systems which utilize public key cryptography for printing verifiable indications of value, and more particularly, to value metering systems which periodically generate new public key pairs and securely provide the newly generated public key to a data center located remotely from the value metering system.
BACKGROUND OF THE INVENTION
The United States Postal Service (USPS) is currently advocating the implementation of a new Information-Based Indicia Program (IBIP) in connection with the printing of postage indicium by postage metering systems. Under this new program, each postage indicium that is printed will include cryptographically secured information in a barcode format together with human readable information such as the postage amount and the date of submission to the post office. The cryptographically secured information is generated using public key cryptography and allows a verification authority, such as the post office, to verify the authenticity of the printed postage indicium based on the information printed in the indicium and the printed destination address.
In at least one scenario, use of the public key cryptographic system for postage metering systems requires the generation within each individual metering device of a key pair consisting of a private key “V” and a corresponding public key “U”. The private key V is used by the individual metering system to digitally sign the printed indicium and the digital signature is included as part of the bar coded portion of the indicium. Thus, when the verifying authority receives the indicium it verifies its authenticity in a known manner using the public key U which the verifying authority has previously received or which was sent to the verifying authority as part of the indicium. The receipt by the verifying authority of the public key is in the form of a certificate which includes, at a minimum, the public key U together with a digital signature of that public key using a private key of a trusted third party.
The USPS has recognized however, that the security of the public key system is based on the ability to prevent the compromise of the keys utilized. Accordingly, while the use of extremely large keys helps to ensure that the keys are not compromised by cryptoanalysis, the USPS has further proposed to increase security by requiring that the key pair used by each individual meter be changed on a periodic basis. Thus, each metering system will generate a new key pair to replace the existing key pair on a periodic basis. However, once a new public key U and private key V have been generated by the metering system, the new public key must be securely sent to a certificate authority so that a new public key certificate can be generated by the certificate authority and distributed back to the metering system or the verifying authority as appropriate. The USPS has proposed using the private key being replaced to sign the newly generated public key and sending the digitally signed newly generated public key to the certificate authority. The problem with this scenario is that if the private key being replaced has already been compromised, a fraudulent replacement public key can be sent to the certificate authority who will then issue a public key certificate based on the fraudulent public key. If this were to occur, postage Indicia could be printed with a standard computer without having any of the postage accounted for because the fraudulent Indicia will verify as being authentic at the verification facility.
Thus, what is needed is a method and apparatus which permits the secure transfer of newly generated public or private keys from a first device to a second device.
SUMMARY OF THE INVENTION
It is an object of the invention to provide a method of securely transmitting a key from one device to another. This object is met by providing a method for transmitting a key from a first device to a remotely located second device via the steps of generating the key within the first device; selecting one of a plurality of one-time pad values from a one-time pad stored within the first device; creating a hash of at least the key and the selected one of the plurality of one-time pad values; and sending the hash and the key from the first device to the second device.
REFERENCES:
patent: 5586036 (1996-12-01), Pintsov
patent: 5748740 (1998-05-01), Curry et al.
patent: 5764772 (1998-06-01), Kaufman et al.
patent: 5812664 (1998-09-01), Bernobich et al.
patent: 5953424 (1999-09-01), Vogelesang et al.
patent: 6041317 (2000-03-01), Brookner
patent: 6219669 (2001-04-01), Haff et al.
patent: 0 851 630 (1998-07-01), None
patent: WO-01/74005 (2001-10-01), None
Schneider, Processing a secure message on the Internet, Jun. 1997, Journal of Lending & Credit Risk Management, vol. 79 No. 10, pp. 58-63.*
Rubin, One-Time Pad Cryptography, Jan. 1997, http://www.contestcen.com/crypt005.htm, downloaded Aug. 2002.*
Wegman M N et al: “New Hash functions and their use in authentication and set equality”, Journal of Computer and System Sciences, Jun. 1981, USA, vol. 22, NR. 3, pp. 265-279 XP008003418.
Cordery Robert A
Ryan Jr. Frederick W.
Sisson Robert W.
Chaclas Angelo N.
Gilligan Christopher L.
Pitney Bowes Inc.
Shapiro Steven J.
Thomas Joseph
LandOfFree
Method and apparatus for securely transmitting keys from a... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for securely transmitting keys from a..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for securely transmitting keys from a... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2931953