Electrical computers and digital processing systems: support – Data processing protection using cryptography
Reexamination Certificate
1998-12-21
2003-07-15
Smithers, Matthew (Department: 2132)
Electrical computers and digital processing systems: support
Data processing protection using cryptography
C380S001000
Reexamination Certificate
active
06594760
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates generally to postage metering systems and methods and, more particularly, to closed and open postage metering systems and methods employing cryptographic processes for evidencing postage payment.
BACKGROUND OF THE INVENTION
The vast majority of the Posts around the world require prepayment for postal services provided by the Posts. This allows the Posts to avoid the substantial time and cost associated with a post-payment system that requires processing billing data and collecting and processing remittance. Prepayment, however, necessitates that individual mailpieces carry verifiable evidence of paid postage. The traditional postage stamp is a prime example of such evidence. Although postage stamps are good for many applications by low volume mailers, for moderate to high volume mailers the application of stamps is difficult and costly and are subject to theft. Furthermore, stamps do not provide information such as date and place of mailing and provide limited postal revenue security.
Arthur Pitney invented the first postage meter in 1902 to alleviate some shortcomings of postage stamps. This postage meter was a mechanical device with securely coupled printing and accounting functions. The mechanical meter, which was perfected over the years, became a widespread basic business machine. With the advent of the microprocessor, the accounting and machine control functions were computerized when electronic postage meters were introduced in the late seventies. This enabled new features, including departmental accounting and computerized meter resetting. However, the fundamental security of postage evidencing remained the same.
Postal revenue security in the analog postage meters, such as the mechanical and electronic postage meters, depends on two features: 1) physical security of the printing process, i.e., printing of postage evidence can not occur without appropriate accounting, and 2) forensic detectability, i.e., fraudulent postal indicia can be distinguished from legitimate indicia.
Coupling the printing and accounting mechanism within a secure tamper evident enclosure provides physical security of printing. Inspection of the device normally reveals tampering. Effective forensic detectability of fraudulent postal indicia depends on non-availability of alternative mechanisms suitable for forging indicia. Before the proliferation of inexpensive, high print quality computer printers, serious attempts to generate fraudulent indicia using an alternate printing mechanism were detectable.
Today, the availability of inexpensive computer-driven printers provides opportunities for customer convenience and cost advantages for printing postage evidence. However, the use of such printers requires a new way of securing postage which was first suggested in U.S. Pat. Nos. 4,641,347, 4,641,346, 4,757,537, and 4,775,246. At that time, it was realized that the security of postage evidencing depends on the security of the information printed in the indicium, including message authentication and integrity. U.S. Pat. Nos. 4,831,555 and 4,725,718 extended this idea to unsecured printing of postage disclosing the necessity that at least some of the information in the indicium must appear random to a party not in possession of some secret. Such random looking information is commonly referred to as a digital token.
The basis of postal revenue security in the digital world is two new requirements: 1) security of the digital token generating process, i.e., digital tokens can not be generated without appropriate accounting, and 2) automatic detectability, i.e., fraudulent digital tokens can be detected by automatic means.
A cryptographic transformation applied to selected data on the mailpiece produces the digital token. The data may include postage value, date, postal code of the geographical deposit area, recipient address information, meter data, and piece count. Such data is commonly referred to as postal data. The secret used to generate the digital token is generally a cryptographic key held within the accounting device. A verifier, with access to a verifying key corresponding to the accounting device secret, validates the digital token. Several cryptographic algorithms and protocols have been considered for this purpose. U.S. Pat. No. 4,853,961 describes critical aspects of public-key cryptography for mailing applications. See José Pastor, “CRYPTOPOST™ A Universal Information-Based Franking System for Automated Mail Processing”,
Proceedings of the Fourth Advanced Technology Conference of the U.S. Postal Service,
Vol. I, pp. 429-442, November 1990. See also José Pastor, “CRYPTOPOST™ A Cryptographic Application to Mail Processing”,
Journal of Cryptology,
3 (2), pp. 137-146, November 1990.
Two methods of presenting a postal verifier with fraudulent evidence of payment are a counterfeited indicium and a copied indicium. The former is an unpaid indicium that appears legitimate. The latter is a replay of a legitimate paid indicium. The present invention addresses the prevention of counterfeit indicium.
A counterfeit indicium can be detected by verifying the digital token. Verification proves that the digital token was generated by a cryptographic algorithm with access to the secret meter key. The information printed in the indicium and access to a verifying key are sufficient for the detection of counterfeited indicia as long as the secret meter key is confidential. In a public-key system, a digital signature provides the data authentication and integrity check. In a symmetric-key system a message authentication code (MAC) provides a similar check. Detection of counterfeiting is an integrity check.
Assuming integrity of the verification software and hardware, only a compromised meter secret-key can produce counterfeit indicia that passes an integrity check. This compromise could happen by violating the physical protection of the key by tampering, or by deriving the key from indicia data by cryptanalysis. Generally, tampering is detectable if the physical protection of the secure component of the postage metering system is adequate, for example following FIPS 140-1, Security Requirements for Cryptographic Modules, National Institute for Standards and Technology, January 1994. Robustness against cryptanalysis depends on the difficulty of solving certain mathematical problems, for example, discrete logarithm problems or factoring a large composite number. As part of its proposed Information-Based Indicia Program (IBIP), the USPS has proposed 1024 bit RSA or 1024 bit DSS as a measure of robustness,
The IBIP is a distributed trusted system that is expected to support new methods of applying postage in addition to, and eventually in lieu of, the current approach, which typically relies on a postage meter to mechanically print indicia on mailpieces. The IBIP requires printing large, high density, two dimensional (2D) bar codes on mailpieces. The Postal Service expects the IBIP to provide cost-effective assurance of postage payment for each mailpiece processed.
The USPS has published draft specifications for the IBIP. The INFORMATION BASED INDICIA PROGRAM (IBIP) INDICIUM SPECIFICATION, dated Jun. 13, 1996, defines the proposed requirements for a new indicium that will be applied to mail being processed using the IBIP. The INFORMATION BASED INDICIA PROGRAM POSTAL SECURITY DEVICE SPECIFICATION, dated Jun. 13, 1996, defines the proposed requirements for a Postal Security Device (PSD) that will provide security services to support the creation of a new “information based” postage postmark or indicium that will be applied to mail being processed using the IBIP. The INFORMATION BASED INDICIA PROGRAM HOST SYSTEM SPECIFICATION, dated Oct. 9, 1996, defines the proposed requirements for a host system element of the IBIP. The specifications are collectively referred to herein as the “IBIP Specifications”. The IBIP includes interfacing user (customer), postal and vendor infrastructures which are the system elements of the program.
There are three information security
Ryan Jr. Frederick W.
Twarog Edward J.
Weiant, Jr. Monroe A.
Chaclas Angelo N.
Lemm Brian A.
Malandra, Jr. Charles R.
Pitney Bowes Inc.
Smithers Matthew
LandOfFree
System and method for suppressing conducted emissions by a... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for suppressing conducted emissions by a..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for suppressing conducted emissions by a... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3040917