Electrical computers and digital processing systems: support – Computer power control – Having power source monitoring
Reexamination Certificate
2000-03-10
2003-09-23
Lee, Thomas (Department: 2185)
Electrical computers and digital processing systems: support
Computer power control
Having power source monitoring
C340S693200, C365S228000, C365S229000
Reexamination Certificate
active
06625741
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention is directed to an arrangement for a security module of the type containing at least one functional unit, such as a processor, which is normally supplied with a system voltage and which has a battery back-up. Such a postal security module is particularly suitable for use in a postage meter machine or mail-processing machine or computer with mail-processing capability.
2. Description of the Prior Art
Modern postage meter machines, such as the thermal transfer postage meter machine disclosed in U.S. Pat. No. 4,746,234, utilize a fully electronic, digital printer. It is thus fundamentally possible to print arbitrary texts and special characters in the franking imprint printing field and an advertising slogan that is arbitrary or allocated to a cost center. For example, the postage meter machine T1000 of the Francotyp-Postalia AG & Co. has a microprocessor that is surrounded by a secured housing that has an opening for the delivery of a letter. When a letter is supplied, a mechanical letter sensor (microswitch) communicates a print request signal to the microprocessor. The franking imprint contains previously entered and stored, postal information for conveying the letter. The control unit of the postage meter machine undertakes an accounting controlled by software, exercises a monitoring function, possibly with respect to the conditions for a data updating, and controls the reloading of a postage credit.
U.S. Pat. No. 5,606,508 (corresponding to German OS 42 13 278) and U.S. Pat. No. 5,490,077 disclose a data input, such as with chip cards, for the aforementioned thermal transfer postage meter machine. One of the chip cards loads new data into the postage meter machine, and a set of further chip cards allows a setting of correspondingly stored data to be undertaken by plugging in a chip card. The data loading and the setting of the postage meter machine can thus ensue more comfortably and faster than by keyboard input. A postage meter machine for franking postal matter is equipped with a printer for printing the postage value stamp on the postal matter, with a controller for controlling the printing and the peripheral components of the postage meter machine, with a debiting unit for debiting postal fees, with at least one non-volatile memory for storing postage fee data, with at least one non-volatile memory for storing security-relevant data and with a calendar/clock. The non-volatile memory of the security-relevant data and/or the calendar/clock is usually supplied by a battery. In known postage meter machines, security-relevant data (cryptographic keys and the like) are secured in non-volatile memories. These memories are EEPROM, FRAM or battery-protected SRAM. Known postage meter machines also often have an internal real time clock RTC that is supplied by a battery. For example, potted modules are known that contain integrated circuits and a lithium battery. After the expiration of the service life of the battery, these modules must be replaced as a whole and disposed of. For economical and ecological reasons, it is more beneficial If only the battery needs to be replaced. To that end, however, the security housing must be opened and subsequently re-closed and sealed since security against attempted fraud is based essentially on the secured housing that surrounds the entire machine.
In European Application 660 269 (U.S. Pat. No. 5,671,146), disclose a suitable method for improving the security of postage meter machines wherein a distinction is made between authorized and unauthorized opening of the security housing.
Repair of a postage meter machine is possible only with difficulty on site where the access to the components is rendered more difficult or limited. Given larger mail-processing machines or devices known as PC frankers, the protected housing in the future will be reduced only to the postal security module. This can improve accessibility to the other components. It would be extremely desirable for economic replacement of the battery for this to be replaced in a relatively simple way. The battery, however, would then be located outside the security area of the postage meter machine. When the battery posts are made accessible from the outside, however, a possible tamperer is able to manipulate the battery voltage. Known battery-supply SRAMs and RTCs have different demands with respect to their required operating voltage. The necessary voltage for holding data of SRAMs is below the required voltage for the operation of RTCs. This means that a reduction of the voltage below a specific limit value leads to an undesired behavior of the component: the RTC stands still and the time of day—stored in SRAM cells—and the memory contents of the SRAM are preserved. At least one of the security measures, for example long time watchdogs, would then be ineffective at the side of the postage meter machine. For a long time watchdog, the remote data center prescribes a time credit or a time duration, particularly a plurality of days or a specific day, by which the franking device should report via a communication connection. After the time credit is exhausted or after the term expires, franking is prevented. European Application 660 270 (U.S. Pat. No. 5,680,463) disclose a method for determining the presumed time duration up to the next credit reloading, and a data center considers any postage meter machine suspicious that does not report in time. Suspicious postage meter machines are reported to the postal authority, which monitors the mail stream of letters franked by suspicious postage meter machines. An expiration of the time credit or of the deadline is also already determined by the franking device and the user is requested to implement the overdue communication.
Security modules are already known from electronic data processing systems. For protection against break-in into an electronic system, European Patent 417 447 discloses a barrier that contains a power supply and a signal acquisition circuit as well as shielding in the housing. The shielding is composed of an encapsulation and electrical lines to which the power supply and signal acquisition circuits are connected. The latter reacts to a modification of the line resistance of the lines. Moreover, the security module contains an internal battery, a voltage switch-over from system voltage to battery voltage and further functional units (such as power gate, short-circuit transistor, memories and sensors). The power gate reacts when the voltage falls below a specific limit. When the line resistance, the temperature or the emission are modified, the logic reacts. The output of the short-circuit transistor is switched to a low logic level with the power gate or with the logic, resulting in a cryptographic key stored in the memory being erased. However, the service life of the non-replaceable battery, and thus of the security module, is too short for use in franking devices or mail-processing machines.
For example, JetMail®, which is commercially available from Francotyp-Postalia AG & Co. is a larger mail-processing machine. Here, a franking imprint is produced with a stationarily arranged ink jet print head with a non-horizontal, approximately vertical, letter transport. A suitable embodiment for a printer device is disclosed in German PS 196 05 015. The mail-processing machine has a meter and a base. If the meter is to be equipped with a housing which allows components to be more easily accessible, then it must be protected against attempted fraud by a postal security module that implements at least the accounting of the postage fees. In order to preclude influence on the program run, European Application 789 333 discloses equipping a security module with an application circuit (ASIC) that contains a hardware accounting unit. The application circuit (ASIC) also controls the print data transmission to the print head.
This approach would not be required if unique imprints were produced for each piece of mail. A method and arrangement for fast generation
Post Peter
Rosenau Dirk
Schlaaff Torsten
Connolly Mark
Francotyp-Postalia AG & Co. KG
Lee Thomas
Schiff & Hardin & Waite
LandOfFree
Arrangement for a security module does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Arrangement for a security module, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Arrangement for a security module will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3045463