EP1035518B1 - Arrangement for the protection of a security module - Google Patents

Description

The invention relates to an arrangement for protecting a security module, according to claim 1. Such a postal security module is particularly suitable for use in a postage meter or mail processing machine or computer with mail processing function.

Modern franking machines, like those from the US 4,746,234 known thermal transfer postage meter, employ a fully electronic digital printing device. Thus, it is possible in principle to print any text and special characters in the franking stamp printing area and any or a cost center associated advertising clause. For example, Applicants' T1000 meter has a microprocessor surrounded by a secure housing having an opening for delivering a letter. For a letter feeder, a mechanical letter sensor (microswitch) transmits Pressure request signal to the microprocessor. The franking imprint includes previously entered and stored postal information for conveying the letter. The control unit of the franking machine carries out a software billing, exercises a monitoring function, possibly with regard to the conditions for a data update, and controls the reloading of a port value credit.

For the abovementioned thermal transfer franking machine has already been in US 5,606,508 ( DE 42 13 278 B1 ) and in US 5,490,077 proposed a data entry option using smart cards. One of the smart cards loads new data into the postage meter machine and a set of further smart cards allows a setting to be made according to stored data by inserting a chip card. The data loading and the setting of the franking machine can thus be more convenient and faster than by keyboard input. A franking machine for franking mail is provided with a printer for printing the postage stamp on the mail, a controller for controlling the printing and peripheral components of the postage meter, a bill unit for settling postage, at least one nonvolatile memory for storing postage data , equipped with at least one non-volatile memory for storing safety-relevant data and with a calendar / clock. The non-volatile memory of the safety-related data and / or the calender / clock is usually powered by a battery. In known franking machines, security-relevant data (cryptographic keys and the like) are saved in nonvolatile memories. These memories are EEPROM, FRAM or battery backed SRAM. Known franking machines often also have an internal real time clock (RTC), which is powered by a battery. For example, are known encapsulated modules containing integrated circuits and a lithium battery. These modules must be replaced and disposed of at the end of the life of the battery as a whole. From an economic and ecological point of view, it is better if only the battery needs to be replaced. For this purpose, however, the security case must be opened and then closed again and sealed, because the security against fraud is essentially based on the secure housing, which encloses the entire machine. The applicant was in EP 660 269 A2 ( US 5,671,146 ) be ready proposed a suitable method for improving the safety of franking machines, in which a distinction is made between an authorized and unauthorized opening of the security housing.

Any required repair of a franking machine is then difficult on site, if the access to the components is difficult or limited. In the case of larger mail processing machines or so-called PC frankers, the secured housing will in future be reduced to the so-called postal security module, which can improve the accessibility to the other components. To economically exchange the battery of the security module, it would also be desirable that these be relatively simple can be replaced. For this purpose, the battery must be outside the security range of the franking machine. However, when the battery terminals are accessed from the outside, a potential attacker is able to manipulate the battery voltage. Known battery-powered SRAM and RTC have different requirements with regard to their required operating voltage. The voltage required to hold data from SRAM is below the required voltage for operating RTC. This means that decreasing the voltage below a certain threshold will result in undesired behavior of the components: the RTC will stop, the time stored in SRAM cells, and the memory contents of the SRAM will be preserved. At least one of the security measures, for example long-time watchdogs, would then be ineffective on the franking machine side. Long time watchdogs are understood to mean the following: The enifernte data center specifies a time credit or a period of time, in particular a number of days, or a specific day up to which the franking device can report via communication link. After unsuccessful expiration of the time credit or the deadline, franking is prevented. Under the title: Procedure and Arrangement for the Generation and Verification of a Security Imprint has already been published in the EP 660 270 A2 ( US 5,680,463 ) a method is proposed to determine the probable period until the next credit recharge, which is considered by a data center that postage meter as suspect, which does not report in due time. Suspended franking machines are communicated to the postal authority, which monitors the mail flow for letters franked by suspect franking machines. A lapse of the time credit or the deadline is already determined by the franking facility. The user is prompted to perform the overdue communication. However, this franking device does not have a separate security module.

Security modules are already known from electronic data processing systems ago. To protect against burglary in an electronic system is in EP 417 447 B1 already proposed a lock, which includes power supply and signal detection means and shielding in the housing. The shielding means is made of encapsulating material and conductive means to which the power supply and signal detection means are connected. The latter responds to a change in the line resistance of the line means. In addition, the security module contains an internal battery, a voltage switch from system voltage to battery voltage, a power gate and a short-circuit transistor as well as other sensors. When the voltage falls below a certain limit, the Power Gate responds. If the line resistance, temperature or radiation is changed, the logic will react. By means of the power gate or by means of the logic, the output of the short-circuit transistor is switched to L level, whereby a memory stored in the cryptographic key is deleted. However, the life of the non-replaceable battery and thus of the security module for use in franking devices or mail processing machines is too small.

A larger mail processing machine is, for example, the JetMail®. A franking print is here produced by means of a stationary ink jet printhead in a non-horizontal approximately vertical letter transport. A suitable design for a printing device was already in the DE 196 05 015 C1 proposed. The mailing machine has a meter and a base. If the meter is to be equipped with a housing so that components are more easily accessible, then it must be protected by a postal security module fraud attempts, which at least performs the settlement of postal fees. To exclude influences on the program, has already been in the EP 789 333 A2 under the title: Postage meter proposed to equip a security module with an Application Specific Integrated Circuit ASIC, which has a hardware Abrecheneinheit. The user circuit also controls the print data transfer to the print head.

The latter would only be required if unique items were created for each item of mail. A suitable method and arrangement for generating and checking a security impression is, for example, in US 5,680,463 . US 5,712,916 and US 5,734,723 been proposed. A special security marking is generated electronically and embedded in the printed image.

Further measures to protect a security module against an attack on the data stored in it were also in the not pre-published German applications 198 16 572.2 and 198 16 571.4 proposed. With a large number of sensors, the power consumption increases and a safety module, which is not always supplied by a system voltage, then draws the current required for the sensors from its internal battery, which also depletes the latter at an early stage. The capacity of the battery and the power consumption thus limit the life of a security module.

Like many other products, franking machines are also modular. This modularity allows the exchange of modules and components for various reasons. Thus, e.g. defective modules are replaced and replaced by checked, repaired or new modules. Since the utmost care is required in the exchange of assemblies containing safety-relevant data, the replacement usually requires the use of a service technician and measures that prevent its functioning in case of improper use or unauthorized replacement of a security module. The latter is very expensive.

The invention has for its object, with little effort to ensure protection against an unauthorized manipulated security module when the security module is arranged interchangeable. The exchange should be possible by anyone in the simplest possible way.

The object is achieved with the features of the arrangement according to claim 1.

The invention assumes, by means of functional units, the exchange, the manipulation and the use of a security module of a franking machine, mail processing device or similar device in order to provide users of the various devices with a guarantee about the correct functioning of the security module and thus of the entire device. Exchanging or damaging the safety module is at least detected and, if necessary, subsequently signaled as a state when the safety module is plugged in again and supplied with a system voltage. The changes in the state of the security module are detected by means of a first functional unit and by means of a detection unit, which has a resettable latching and is powered by a battery. The first functional unit can evaluate the respective state when it is supplied with system voltage again. The advantages are a quick response to changes in the state of the security module and a low battery power consumption of the detection unit even during the non-supply of the system voltage.

A second functional unit may optionally monitor the battery voltage to see if its capacity has been exhausted. A required battery change is signaled, of course, a supply must be backed up by the system voltage. It is to be assumed at least then of an improper use of a security module in the exchange, in which not only the system voltage is missing, but also the interchangeable battery is removed. So that the replacement of the lowest possible qualified personnel and in the future can even be performed by the user, the second functional unit monitors the power failure when replacing the battery, the first functional unit, if necessary, first deletes sensitive data and thus restricts the further use of the security module or even prevented. After an on-site inspection of the security module by a service, the original functionality can be restored with the housing intact. The first functional unit enforces a later re-commissioning contact the security module with a remote data center to unlock at least one functional unit. If the entire security module has been exchanged without changing the battery, sensitive data is also first deleted by the second functional unit, but the sensitive data can be reinitialized during the restart. To establish contact methods with a digital or analog transmission link can be used. Also, an inspection of the security module is then by a Service causes. The safety module can signal different states. For example, a distinction can be made as to whether the last contact with the data center was made so long ago that it already seems suspicious or long that reinitialization is no longer permitted. The first functional unit is constantly evaluating a first day loan. When the latter is exhausted, the suspicious state is signaled. By contacting the data center, the normal working condition can be restored without requiring an on-site inspection by a service. The time credit can be variable and vary from security device to security device. The time credit can be specified by the data center and loaded during installation into a memory of the security device. The first functional unit constantly evaluates a second daily loan. When the latter is exhausted, the state "LOST" is signaled. In the latter case, an inspection of the security module by a local service is also required.

The security module protection assembly comprises the security module having logic means for supplying the security module with a system voltage or with a voltage from a battery and with a number of monitoring means. It is described by at least a first and a second functional unit and by means for loading at least one time credit specified by the data center and by a signal means connected to a first functional unit, the charging being performed during installation and reloading into a memory of the security device is, and wherein the first functional unit evaluates a day loan on time and the signal means controls, at least to signal the timing, and by means of the second functional unit for deleting sensitive data in memory due improper use or replacement of the security module.

• Figur 1, Blockbild und Interface des Sicherheitsmoduls,
• Figur 2, Blockschaltbild der Frankiermaschine,
• Figur 3, Perspektivische Ansicht der Frankiermaschine von hinten,
• Figur 4, Blockschaltbild des Sicherheitsmoduls (zweite Variante),
• Figur 5, Schaltbild der Detektionseinheit,
• Figur 6, Seitenansicht des Sicherheitsmoduls (1 .Variante),
• Figur 7, Draufsicht auf das Sicherheitsmodul (1 .Variante),
• Figur 8a, Ansicht des Sicherheitsmoduls von rechts (1 .Variante),
• Figur 8b, Ansicht des Sicherheitsmoduls von links (1 .Variante),
• Figur 9, Tabelle für Statussignalisierung,
• Figur 10, Darstellung der Prüfungen im System für statische und dynamisch änderbare Zustände,
• Figur 11, Seitenansicht des Sicherheitsmoduls (2.Variante),
• Figur 12, Draufsicht auf das Sicherheitsmodul (2.Variante),
• Figur 13a, Ansicht des Sicherheitsmoduls von rechts (2.Variante),
• Figur 13b, Ansicht des Sicherheitsmoduls von links (2.Variante).

Advantageous developments of the invention are characterized in the subclaims or are presented in more detail below together with the description of the preferred embodiment of the invention with reference to FIGS. Show it:

• FIG. 1 , Block diagram and interface of the security module,
• FIG. 2 , Block diagram of the franking machine,
• FIG. 3 , Perspective view of the franking machine from behind,
• FIG. 4 , Block diagram of the security module (second variant),
• FIG. 5 , Circuit diagram of the detection unit,
• FIG. 6 , Side view of the security module (1st variant),
• FIG. 7 , Top view of the security module (1st variant),
• FIG. 8a , View of the security module from the right (1st variant),
• FIG. 8b , View of the safety module from the left (1st variant),
• FIG. 9 , Table for status signaling,
• FIG. 10 , Representation of the tests in the system for static and dynamically changeable states,
• FIG. 11 , Side view of the security module (2nd variant),
• FIG. 12 , Top view of the security module (2nd variant),
• FIG. 13a , View of the security module from the right (2nd variant),
• FIG. 13b , View of the safety module from the left (2nd variant).

In the FIG. 1 is a block diagram of the security module 100 with the contact groups 101, 102 for connection to an interface 8 and with the battery contact terminals 103 and 104 of a battery interface for a battery 134 shown. Although the security module 100 is potted with a hard potting compound, the battery 134 of the security module 100 is interchangeably disposed outside of the potting compound on a printed circuit board. The circuit board carries the battery contact terminals 103 and 104 for connecting the poles of the battery 134. By means of the contact groups 101, 102, the security module 100 is plugged into a corresponding interface 8 of the motherboard (motherboard) 9. The first contact group 101 communicates with the system bus of a control device and the second contact group 102 serves to supply the security module 100 with the system voltage. Via the pins P3, P5-P19 of the contact group 101 run address and data lines 117, 118 and control lines 115. The first and / or second contact group 101 and / or 102 are / is designed for static and dynamic monitoring of the plugged in the security module 100. About the pins P23 and P25 of the contact group 102, the supply of the security module 100 is realized with the system voltage of the motherboard 9 and the pins P1, P2 and P4, a dynamic and static non-detection detected by the security module 100. The latter requires a detection unit 13, which is connected via a conductor loop 192, 194 to the pin P4 of the contact group 102. The conductor loop may be formed as part of the particular secure part of the security module 100 and embedded in sealing compound so that in a mechanical or chemical attack on the aforementioned part of the security module 100, the contact with the pin P4 is interrupted.
The security module 100 has, in a manner known per se, a microprocessor 120 which contains an integrated read-only memory (internal ROM) with the special application program (not shown), which is approved for the franking machine by the postal authority or the respective mail carrier. Alternatively, a conventional read-only memory ROM or FLASH memory can be connected to the internal data bus 126.
The security module 100 has, in a manner known per se, a reset circuit unit 130, a user circuit ASIC 150 and a logic PAL 160 which serves as the control signal generator for the ASIC. The reset circuit unit 130 and the user circuit ASIC 150 and the logic PAL 160 and possibly other - not shown - memory are supplied via the lines 191 and 129 with system voltage Us +, which is supplied from the motherboard 9 when the franking device is turned on. In the EP 789 333 A2 The essential parts of a postal security module PSM have already been explained, which implement the functions of billing and hedging the postal fee data.

The system voltage Us + is also applied via a diode 181 and the line 136 at the input of the voltage monitoring unit 12. At the output of the voltage monitoring unit 12, a second operating voltage Ub + is supplied, which is available via the line 138. When the franking device is switched off, not the system voltage Us +, but only the battery voltage Ub + is available. The negative terminal battery contact terminal 104 is connected to ground. From the battery contact terminal 103 lying on the positive pole, battery voltage is supplied via a line 193, via a second diode 182 and the line 136 to the input of the voltage monitoring unit. As an alternative to the two diodes 181, 182, a commercial circuit can be used as a voltage switch 180.

The output of the voltage monitoring unit 12 is connected via a line 138 to an input for this second operating voltage U _{b + of} the processor 120, which leads at least to a RAM memory area 122, 124 and there guarantees non-volatile storage as long as the second operating voltage U _{b +} in the required Height is applied. The processor 120 preferably includes an internal RAM 124 and a real-time clock (RTC) 122.

The voltage monitoring unit 12 in the security module has a resettable latching, which can be queried by the processor 120 via a line 164 and reset via a line 135. For a reset of the latching, the voltage monitoring unit 12 has circuit means. The reset can only be triggered when the battery voltage has risen above the predetermined threshold. The lines 135 and 164 are each connected to a pin (pins 1 and 2) of the processor 120. Line 164 provides a status signal to processor 120, and line 135 provides a control signal to voltage monitoring unit 12.

The line 136 at the input of the voltage monitoring unit 12 also supplies an unplugged detection unit 13 with operating or battery voltage. The unplugged detection unit 13 outputs on the line 139 a status signal to a pin 5 of the processor 120, which gives an indication of the state of the circuit. The processor 120 queries the state of the unplugged detection unit 13 via the line 139. The processor may reset the unplugged detection unit 13 with a signal output from the pin 4 of the processor 120 via the lead 137. After setting, a static check is made for connection. For this purpose, ground potential is queried via a line 192, which is present at the connection P4 of the interface 8 of the postal security module PSM 100 and can only be interrogated if the security module 100 is inserted properly. When plugged security module 100 ground potential of the negative pole 104 of the battery 134 of the postal security module PSM 100 is placed on the port P23 of the interface 8 and is thus interrogated at port P4 of the interface 8 via the line 192 of the unplugged detection unit 13.

At the pins 6 and 7 of the processor 120 is a line loop, which is looped back to the processor 120 via the pins P1 and P2 of the contact group 102 of the interface 8. For dynamic testing of the connectedness of the postal security module PSM 100 to the motherboard 9, the processor 120 generates alternating signal levels at quite irregular time intervals at the pins 6, 7 and looping them back through the loop.
The postal security module PSM 100 is equipped with a long-live battery, which also allows monitoring of the use without the security module is connected to a system voltage of a postal processing facility. Proper use, operation, installation or installation in the appropriate environment are those characteristics to be tested by the functional units of the safety module. An initial installation is made by the manufacturer of the postal security module. Thus, after this initial installation, it is only necessary to check whether the postal security module is disconnected from its field of application (post-processing device), this usually taking place during an exchange.
The monitoring of this condition is performed by the unplugged detection unit 13. This is done via the ground connection at pin 4 of the interface unit 8 monitors a voltage level. When replacing the functional unit, this ground connection is interrupted and the unplugged detection unit 13 registers this process as information. Since in a mechanical or chemical attack on the security module 100 and for each separation of the security module 100 from the interface unit 8, the storage of this information by the special battery-powered circuitry is ensured, an evaluation of this information can be done at any time, if a restart is desired , The regular evaluation of this disconnection signal on the line 139 of the detection unit 13 makes it possible for the processor 120 to delete sensitive data without, however, changing the billing and customer data in the NVRAM memories. The current state of the postal security module with the deleted sensitive data can be understood as a maintenance condition, in which usually the replacement, repair or otherwise is made. Since the sensitive data of the functional unit are deleted, an error due to improper handling of the postal security module is excluded. The sensitive data are, for example, cryptographic keys. The processor 120 prevents in the maintenance state a core functionality of the postal security module, which consists for example in the billing and / or calculation of a security code for the security marking in a security print.

For recommissioning the postal security module PSM is first inserted and electrically connected to the corresponding interface unit 8 of a mail processing device. Then the device is switched on and thus the postal security module is again supplied with system voltage Us +. Due to the special condition, the proper installation of the postal security module must now be rechecked by its functional unit. For this purpose, a second stage of a test (dynamic plug-in detection) is provided. By means of an operative connection established between the first functional unit (processor 120) and the current loop 18 of the interface unit 8, information is exchanged whose error-free transmission provides proof of the proper installation. This is a prerequisite for a successful restart.

For the state change to the normal operating state, a reinitialization of the sensitive data is now required. Between the postal security module and a third instance, a communication is made, the latter transmits these sensitive data. Upon successful transmission, the untagged detection unit 13 is reset and the postal security module returns to its normal operating state. The restart is complete.

The FIG. 2 shows a block diagram of a postage meter, which is equipped with a chip card read / write unit 70 for reloading change data by chip card and with a printing device 2, which is controlled by a control device 1. The control device 1 has a motherboard 9 equipped with a microprocessor 91 with associated memories 92, 93, 94, 95.

The program memory 92 contains an operating program for at least printing and at least safety-related components of the program for a predetermined format change of a portion of the user data.
The RAM RAM 93 is used for volatile intermediate storage of intermediate results. NVM 94 non-volatile memory is used for non-volatile caching of data, such as statistical data organized by cost center. The calendar / clock module 95 also contains addressable but non-volatile memory areas for the non-volatile intermediate storage of intermediate results or also known program parts (for example for the DES algorithm). It is provided that the control device 1 is connected to the chip card write / read unit 70, wherein the microprocessor 91 of the control device 1 is programmed, for example, to load the payload N from the memory area of a chip card 49 for their application in corresponding memory areas of the franking machine , A first chip card 49 inserted in a slot 72 of the chip card write / read unit 70 allows reloading of a record in the postage meter machine for at least one application. The chip card 49 contains, for example, the postage for all the usual postal carrier services according to the tariff of the postal authority and a post carrier code to generate a stamp image with the franking machine and to stamp the postal items according to the tariff of the postal authority.

The control device 1 forms the actual meter with the means 91 to 95 of the aforementioned motherboard 9 and also includes a keyboard 88, a display unit 89 and an application-specific circuit ASIC 90 and the interface 8 for the postal security module PSM 100. The security module PSM 100 is about a control bus to the aforementioned ASIC 90 and the microprocessor 91 and via the parallel μC bus at least with the means 91 to 95 of the motherboard 9 and connected to the display unit 89. The control bus carries lines for the signals CE, RD and WR between the security module PSM 100 and the aforementioned ASIC 90. The microprocessor 91 preferably has a pin for an output from the security module PSM 100 interrupt signal i, other connections for the keyboard 88, a For example, the serial interface SI-1 for the connection of the chip card write / read unit 70 and a serial interface SI-2 for the optional connection of a MODEM by means of the MODEM can be used to increase the credit stored in the non-volatile memory of the postal security device PSM 100.

The postal security device PSM 100 is surrounded by a secured housing. Before each franking imprint, a hardware settlement is carried out in the postal security module PSM 100. Billing is independent of cost centers. The postal security agent PSM 100 can be designed internally as in the European application EP 789 333 A3 was described in more detail. It is contemplated that the ASIC 90 may include a serial interface circuit 98 to a post-stream powered device, a serial interface circuit 96 to the sensors and actuators of the printing device 2, a serial interface circuit 97 to the print control electronics 16 for the printhead 4, and a serial interface circuit 99 to one has the printing device 20 in the post-stream downstream device. Of the DE 197 11 997 an embodiment variant for the peripheral interface can be removed, which is suitable for multiple peripheral devices (stations). It is entitled: Arrangement for communication between a base station and other stations of a mailing machine and their emergency shutdown.

The interface circuit 96 coupled to the machine interface in the interface circuit 14 provides at least one connection to the sensors 6, 7, 17 and to the actuators, for example to Drive motor 15 for the roller 11 and to a cleaning and sealing station RDS 40 for the inkjet printhead 4, as well as the label dispenser 50 in the machine base forth The basic arrangement and the interaction between the inkjet printhead 4 and the RDS 40 are the DE 197 26 642 C2 removable, entitled: Arrangement for positioning an ink jet printhead and a cleaning and sealing device.
One of the arranged in the guide plate 20 sensors 7, 17 is the sensor 17 and is used to prepare the pressure release during letter transport. The sensor 7 is used for initial letter recognition for the purpose of triggering the letter transport. The transport device consists of a conveyor belt 10 and two rollers 11,11 '. One of the rollers is equipped with a motor 15 drive roller 11, another is the follower tension roller 11 '. Preferably, the drive roller 11 is designed as a toothed roller, according to the conveyor belt 10 is designed as a toothed belt, which ensures the unambiguous power transmission. An encoder 5, 6 is coupled to one of the rollers 11, 11 '. Preferably, the drive roller 11 is firmly seated with an incremental encoder 5 on an axis. The incremental encoder 5 is designed for example as a slotted disk, which cooperates with a light barrier 6, and outputs via the line 19 an encoder signal to the motherboard 9 from.
It is envisaged that the individual printing elements of the print head are connected within its housing with a print head electronics and that the print head for a purely electronic pressure can be controlled. The pressure control is based on the path control, whereby the selected stamp offset is taken into account, which is entered by keyboard 88 or if necessary by chip card and stored in memory NVM 94 non-volatile. A planned imprint thus results from stamp offset (without printing), the franking print image and possibly further print images for advertising clichés, shipping information (optional prints) and additional editable messages. The nonvolatile memory NVM 94 has a plurality of memory areas. These include those which save the loaded postage fee tables non-volatile.
The smart card write / read unit 70 consists of an associated mechanical support for the microprocessor card and contact unit 74. The latter allows a secure mechanical support of the smart card in the read position and clear signaling of reaching the reading position of the smart card in the contacting unit. The microprocessor card with the microprocessor 75 has a programmed read capability for all types of memory cards or smart cards. The interface to the franking machine is a serial interface in accordance with the RS232 standard. The data transfer rate is min. 1.2 K baud. The power supply is switched on by means of a switch 71 connected to the mainboard. After the power supply has been switched on, a self-test function with a ready message takes place.

In the FIG. 3 is a perspective view of the postage meter from behind. The franking machine consists of a meter 1 and a base 2. The latter is equipped with a smart card write / read unit 70, which is arranged behind the guide plate 20 and accessible from the housing upper edge 22. After switching on the franking machine by means of the switch 71, a chip card 49 is inserted from top to bottom in the insertion slot 72. A supplied standing on the edge letter 3, which rests with its surface to be printed on the guide plate is then printed according to the input data with a franking stamp 31. The letter feeding opening is bounded laterally by a transparent plate 21 and the guide plate 20. The status display of the security module 100 inserted on the motherboard 9 of the meter 1 is visible from the outside through an opening 109.

The FIG. 4 shows a block diagram of the postal security module PSM 100 in a preferred variant. The negative pole of the battery 134 is connected to ground and a pin P23 of the contact group 102. The positive pole of the battery 134 is connected to the one input of the voltage changeover switch 180 via the line 193, and the system voltage leading line 191 is connected to the other input of the voltage changeover switch 180. The battery 134 is the SL389 / P for a life of up to 3.5 years or the SL-386 / P for a life of up to 6 years with a maximum power consumption by the PSM 100. The voltage switch 180 is a commercially available circuit of type ADM 8693ARN. The output of the voltage changeover switch 180 is connected via the line 136 to the battery monitoring unit 12 and the detection unit 13. The battery monitoring unit 12 and the detection unit 13 communicate with the pins 1, 2, 4 and 5 of the processor 120 via the lines 135, 164 and 137, 139 in communication. The output of the voltage switch 180 is also on the line 136 on Supply input of a first memory SRAM, which is the existing battery 134 to nonvolatile memory NVRAM a first technology.
The security module communicates with the postage meter via the system bus 115, 117, 118. The processor 120 may communicate via the system bus and a modem 83 in communication with a remote data center. The billing is performed by the ASIC 150 and checked by the processor 120. The postal billing data is stored in non-volatile memory of different technology.
The system voltage is applied to the supply input of a second memory NV-RAM 114. The latter is a nonvolatile NVRAM of a second technology, (SHADOWRAM). This second technology preferably comprises a RAM and an EEPROM, the latter automatically assuming the data contents in the event of system voltage failure. The NVRAM 114 of the second technology is connected to the corresponding address and data inputs of the ASIC 150 via an internal address and data bus 112, 113.

The ASIC 150 contains at least one hardware abort unit for the calculation of the postal data to be stored. Programmable Array Logic (PAL) 160 accommodates access logic to ASIC 150. The ASIC 150 is controlled by the PAL 160 logic. An address and control bus 117, 115 from the motherboard 9 is connected to corresponding pins of the PAL 160 logic and the PAL 160 generates at least a control signal for the ASIC 150 and a control signal 119 for the program memory FLASH 128. The processor 120 executes a program stored in the FLASH 128. Processor 120, FLASH 28, ASIC 150, and PAL 160 are interconnected via a module-internal system bus that includes lines 110, 11, 12, 126, 119 for data, address, and control signals.
The processor 120 of the security module 100 is connected via a module-internal data bus 126 to a FLASH 128 and to the ASIC 150. The FLASH 128 is supplied with system voltage Us +. For example, it is a 128 Kbyte FLASH memory type AM29F0I0-45EC. The ASIC 150 of the postal security module 100 provides via a module-internal address bus 110, the addresses 0 to 7 to the corresponding address inputs of the FLASH 128. The processor 120 of the security module 100 provides via an internal address bus 111 the Addresses 8 to 15 to the corresponding address inputs of the FLASH 128. The ASIC 150 of the security module 100 is connected via the contact group 101 of the interface 8 with the data bus 118, with the address bus 117 and the control bus 115 of the motherboard 9 in communication.

It is envisaged that the processor 120 has memory 122, 124 to which an operating voltage Ub + from a voltage monitoring unit 12 is supplied via the line 138. In particular, a real-time clock RTC 122 and the memory RAM 124 are supplied by an operating voltage via the line 138. The voltage monitor unit (Battery Observer) 12 also provides a status signal 164 and responds to a control signal 135. The voltage selector 180, as output voltage on the line 136 for the battery observer 12 and memory 116, passes that of its input voltages as a supply voltage which is higher than the other one , Due to the possibility of automatically feeding the described circuit as a function of the magnitude of the voltages Us + and Ub + with the larger of the two, during normal operation the battery 134 can be exchanged without loss of data.

The battery 134 of the security module 100 feeds in the rest periods outside normal operation in the aforementioned manner the real-time clock (RTC) 122 with date and / or time registers and / or the static RAM (SRAM) 124, which holds security-relevant data. If the voltage of the battery drops below a certain limit during battery operation, the voltage monitoring unit 12 connects the feed point for the RTC and SRAM to ground until reset. The voltage at the RTC and SRAM is then at 0V. As a result, the SRAM 124, which contains eg important cryptographic keys, is deleted very quickly. At the same time, the registers of RTC 122 are cleared and the current time and date are lost. This action prevents a potential attacker from stopping the postage meter internal clock 122 by manipulating the battery voltage without losing any security related data. This prevents the attacker from circumventing security measures such as long time timers or watchdogs. The aforementioned security measures are based on the Figures 9 and 10 explained in detail.

The RESET unit 130 is connected via the line 131 to the pin 3 of the processor 120 and to a pin of the ASIC 150. The processor 120 and the ASIC 150 are reset by a reset generation in the RESET unit 130 when the supply voltage drops.

Simultaneously with the indication of the undervoltage of the battery, the described circuit changes into a self-holding state in which it remains even when subsequently increasing the voltage. The next time the module is switched on, the processor can query the state of the circuit (status signal) and thus and / or via the evaluation of the contents of the erased memory, conclude that the battery voltage has in the meantime fallen below a certain value. The processor may reset the monitor circuit, i. make a fad.

The unplugged detection unit 13 has to measure the input voltage line 192, which is connected via the plug of the security module and interface 8, preferably via a socket on the motherboard 9 of the postage meter to ground. This measurement is used for static monitoring of the arrangement and forms the basis for monitoring at a first stage. It is contemplated that the unplugged detection unit 13 comprises resettable latching means, the latching being triggered when the voltage level on a sense voltage line 192 deviates from a predetermined potential. At the same time, the evaluation logic includes the processor 120 connected to the other functional units, which is programmed to detect and change the respective state of the security module 100. The state of latching can be queried via the line 139 from the processor 120 of the security module 100. The measuring voltage potential on the line 192 corresponds to ground potential when the security module 100 is properly inserted. On line 139 is operating voltage potential. Ground voltage potential is present on the line 139 when the security module 100 is unplugged. The processor 120 has a fifth pin 5, to which the line 139 is connected in order to query the state of the unplugged detection unit 13, whether it is switched to ground potential with latching. To the state to reset the latching of the unplugged detection unit 13 via the line 137, the processor 120 has a fourth pin 4.

Furthermore, a current loop 18 is provided which also connects the pins 6 and 7 of the processor 120 via the plug of the security module and via the socket on the motherboard 9 of the postage meter machine. The lines on the pins 6 and 7 of the processor 120 are closed only to a current loop 18 at a plugged into the motherboard 9 PSM 100. This loop forms the basis for a dynamic monitoring of the plugged-in safety module on a second level.

The processor 120 internally comprises a processing unit CPU 121, a real-time clock RTC 122, a RAM unit 124 and an input / output unit 125. The processor 120 is equipped with pins 8, 9 for outputting at least one signal for signaling the status of the security module 100 , At the pins 8 and 9 are I / O ports of the input / output unit 125 to which module-internal signaling means are connected, for example, colored light emitting diode LED's 107, 108, which signal the state of the security module 100. The safety modules can assume different states in their life cycle. So, for example, to detect whether the module contains valid cryptographic keys. Furthermore, it is also important to distinguish whether the module is working or is defective. The exact type and number of module states depends on the implemented functions in the module and on the implementation.

Based on FIG. 5 the circuit diagram of the detection unit 13 will be explained. It is provided that the unplugged detection unit 13 has a voltage divider, which consists of a series circuit of resistors 1310, 1312, 1314 and between a tapped by a capacitor 1371 supply voltage potential and a Meßspannungspotential on the line 192 is placed. The circuit is supplied via line 136 with the system or battery voltage. The respective supply voltage from the line 136 passes through a diode 1369 to the capacitor 1371 of the circuit. On the output side of the circuit is an inverter 1320, 1398. In the normal state, the transistor 1320 of the inverter is disabled and the supply voltage is via the resistor 1398 on the line 139, which therefore logically '1', ie H level in the normal state leads. An L level on line 139 is advantageous as a status signal for unplug because then no current flows into pin 5 of processor 120, increasing battery life. The diode 1369, preferably in conjunction with an electrolytic capacitor 1371, ensures that the circuit upstream of the inverter is supplied with a voltage over a relatively long period of time (> 2 sec), in which its function is ensured, even though the voltage on the line 136 is already high was turned off.
The voltage divider 1310, 1312, 1314 has a tap 1304 to which a capacitor 1306 and the noninverting input of a comparator 1300 are connected. The inverting input of the comparator 1300 is connected to a reference voltage source 1302. The output of the comparator 1300 is connected on the one hand via the negator 1324.1398 to the line 139 and on the other hand to the control input of a switching means 1322 for latching. The switching means 1322 is connected in parallel with the resistor 1310 of the voltage divider, and the latching switching means 1316 is connected between the tap 1304 and ground. The tap 1304 of the voltage divider is at the junction of the resistors 1312 and 1314. The capacitor 1306 connected between the tap 1304 and ground prevents vibrations. The voltage at tap 1304 of the voltage divider is compared in comparator 1300 with the reference voltage of source 1302. If the voltage to be compared at tap 1304 is less than the reference voltage of source 1302, 50, the comparator output remains switched low and transistor 1320 of the inverter is disabled. As a result, the line 139 now receives operating voltage potential and the status signal leads logically '1'. The voltage divider is dimensioned so that at ground potential on the line 192, the tap 1304 performs a voltage which is safely below the switching threshold of the comparator 1300. If the connection is interrupted and the line 192 is no longer connected to ground, because the security module 100 has been detached from the socket on the motherboard 9 or interface unit 8 of the franking machine, the voltage at the tap 1304 is pulled over the voltage of the reference voltage source 1302 and the Comparator 1300 switches over. The comparator output is switched to H level, and thus the transistor 1320 is turned on. As a result, the line 139 is connected to ground potential and the status signal logic '0. By means of a transistor 1322, which is connected in parallel with the resistor 1310 of the voltage divider, a self-holding circuit of the unplugged detection unit 13 is realized. The control input of transistor 1322 is switched to the H level by the comparator output. As a result, the transistor 1322 turns on and bridges the resistor 1310. As a result, the voltage divider is formed only by the resistors 1312 and 1314. As a result, the switching threshold is increased so much that the comparator remains in the switched state when the line 192 again ground potential, because the security module was plugged again.
The state of the circuit can be queried via the signal on line 139 from the processor 120.
It is contemplated that the unplugged detection unit 13 as circuit means comprises a line 137 and a latching resetting means 1316, the reset being triggerable by the processor 120 via a signal on the line 137. The processor 120 can at any time via a user circuit ASIC 150, via a first contact group 101, via a system bus of the controller 1 and for example via the microprocessor 91 via modem 83 to contact a remote data center, which checks the billing data and optionally other data to the Processor 120 transmitted. The user circuit ASIC 150 of the security module 100 is connected to the processor 120 via a module-internal data bus 126.
The processor 120 may reset the untagged detection unit if reinitialization could be successfully completed using the transmitted data. For this purpose, transistor 1316 is turned on via the reset signal on line 137, thus pulling the voltage at tap 1304 below the reference voltage of source 1302 and blocking transistors 1320 and 1322. When transistor 1322 is normally off, resistors 1310 and 1312 in series form the upper part of the above voltage divider and the switching threshold is lowered back to the original state.

The FIG. 6 shows the mechanical structure of the safety module in side view. The security module is designed as a multi-chip module, that is, a plurality of functional units are interconnected on a printed circuit board 106. The security module 100 is with a hard potting compound 105 shed, wherein the battery 134 of the security module 100 is disposed outside of the potting compound 105 on a printed circuit board 106 interchangeable. For example, it is potted with a potting material 105 that signal means 107, 108 protrude from the potting material at a first location and that the circuit board 106 protrudes laterally with the inserted battery 134 a second location. The printed circuit board 106 also has battery contact terminals 103 and 104 for connecting the poles of the battery 134, preferably on the component side above the printed circuit board 106. It is envisaged that for plugging the postal security module PSM 100 on the main board of the meter 1, the contact groups 101 and 102nd are arranged below the circuit board 106 (trace side) of the security module 100. The user circuit ASIC 150 is via the first contact group 101 - in a manner not shown - in communication with the system bus of a control device 1 and the second contact group 102 serves to supply the security module 100 with the system voltage. If the security module is plugged onto the motherboard, then it is preferably arranged within the meter housing in such a way that the signal means 107, 108 near an opening 109 or projects into this. The meter housing is thus advantageously designed so that the user can still see the status of the security module from the outside. The two light emitting diodes 107 and 108 of the signal means are controlled via two output signals of the I / O ports to the pin 8, 9 of the processor 120. Both LEDs are housed in a common component housing (Bicolorleuchtdiode), which is why the dimensions or the diameter of the opening can remain relatively small and is of the order of the signal means. In principle, three different colors can be displayed (red, green, orange). To distinguish the state of the LEDs are also used flashing, so that 8 different state groups can be distinguished, which are characterized by the following LED states: green LED, red LED, orange orange, red LED flashing, green LED flashing, orange LED flashing , Red LED flashing and orange flashing, green LED flashing and orange flashing.

In the FIG. 7 is a plan view of the postal security module shown.

The FIGS. 8a or 8b show a view of the security module respectively from the right and from the left. The location of the contact groups 101 and 102 below the printed circuit board 106 is from the FIGS. 8a and 8b combined with FIG. 6 clear.

According to one in the FIG. 9 shown - self-explanatory - table for status signaling is a variety of possible status indicators. A green LED 107 signals an OK state 220, but a lit LED 108 signals an error state 230 as a result of an at least static self-test. The result of such a known self-test can not be falsified because of the direct signaling via the LEDs 107,108. For example, in the event that, in the meantime, the keys stored in the security module were lost, the ongoing check in dynamic mode would detect the error and signal the status 240 with orange LED's lit. After switching off / on, booting is required, otherwise no other operation can be performed. The case where the installation of a key has been forgotten during manufacture is signaled as state 260, for example with a green blinking LED 107.
The first functional unit is the processor 120. This constantly evaluates a second daily loan to see whether the latter is exhausted. That's the case where a long time timer has expired. The long time timer has expired if the data center has not been contacted for too long, for example to recharge a credit. For example, 90 days can be specified by the data center as a time credit and loaded into a memory 124 of the security device during installation or during reloading. At the end of these 90 days, a "LOST" state 250 will be signaled by a flashing red LED. The long time timer is preferably a down counter that is implemented in the processor 120. As the count reaches zero at timeout, state 250 also remains when the security module is disconnected from the meter after the "LOST" state has been reached. When the last contact with the data center has been made so long that it already appears suspicious, the suspect state 270 is signaled, preferably a backward counter, also implemented in the processor 120, which constantly evaluates a first daily credit of, say, thirty days to determine whether the latter is exhausted ,

Other status indications for states 280 and 290 are optionally provided for various further tests. For this purpose, further functional units, in particular a temperature sensor, may be provided in the security module. If, for example, a temperature was exceeded which could lead to damage in the safety module, then this state 280 can be signaled with the LEDs 107, 108, which light up red and flash orange, and thus produce the overall effect of the alternating red / orange flashing. The second functional unit may optionally monitor the battery voltage to see if its capacity has been exhausted. Advantageously, a state 290 for a required battery change can be signaled with the LEDs 107, 108, which light up green and flash orange, thus causing the overall effect of the alternating green / orange flashing.

The FIG. 10 shows a representation of the tests in the system for statically and dynamically changeable states. A deactivated system in state 200, after being switched on, transitions via transition Start 201 into state 210, in which a static self-test is performed by the safety module as soon as the operating voltage is present. In the transition 202, in which the self-test results in an OK result, the state 220 with LED 107 is reached in green. Starting from the latter state, if necessary, a repeated static self-test, a dynamic duration test, at least one periodic time credit test and other tests are feasible. Transition 203 illustrating such tests returns to state 220 LED green at OK. A transition 206 leads to state 240 and the LEDs light orange at an error detected during the dynamic self-test. The latter can be remedied by a Recover attempt possibly by switching off (Transition 211) and restarting the device (Transition 201). Static errors are not recoverable. From state 210, in which the powered-on device is performing a static self-test, if there is a fault, a transition 204 to state 230 occurs and LED 108 lights up red. At any time, when the device is in state 220 (LED green), an on-demand static self-test can, in the event of a fault, transition to state 230 (LED red) via a transition 205. Starting from the state 220 (LED green), further transitions 207, 208, 209 lead to the further states 270, 250, 260. In the state 270, orange flashing LEDs 107, 108 indicate that the connection to the data center is to be included because the security device is already considered suspect. Via the transition 212, which results in the reloading, the state 210 is reached again.
In state 250, the state "LOST" is signaled with the red flashing LED 108. At transition 209, where another self-test of processor 120 results in a need to reload a key, state 260 is reached blinking green LED 107.
Starting from state 220 (LED 107 green), optional further transitions may lead either to the further state 280 with red flashing / orange flashing LEDs or state 290 to green flashing / orange flashing LEDs. At the first optional transition, a temperature measurement will result in a need to swap the entire security module. In the latter transition, capacitance measurement of the battery results in a need for battery replacement.

The FIG. 11 shows shows the mechanical structure of the security module according to a second variant in side view. The security module is again designed as a multi-chip module and potted with a hard potting compound 105, wherein the battery 134 of the security module 100 is arranged outside of the potting compound 105 on a printed circuit board 106 interchangeable. For cost reasons, the potting is performed at a first location with a potting material 105 that the signal means 107, 108 and the inserted battery 134 are mounted externally from the potting material at a second location on the top of the circuit board 106. The circuit board 106 has again battery contact terminals 103 and 104 for connecting the poles of the battery 134, preferably on the component side above the circuit board 106. The two LEDs 107 and 108 of the signal means are separate components in this variant. The two light emitting diodes 107 and 108 of the signal means are controlled via two output signals of the I / O ports to the pin 8, 9 of the processor 120. In order to distinguish the state, the LEDs can in turn also be controlled in a flashing manner so that different status groups can be distinguished. The meter housing is also designed again so that the user can see the status display of the security module from the outside, for example through a viewing window or opening 109.
It is also envisaged that for plugging the postal security module PSM 100 on the motherboard of the meter 1 the Contact groups 101 and 102 are arranged below the circuit board 106 of the security module 100. Advantageously, a connector 127 includes the contact groups 101 and 102, wherein a connector 127 is disposed on the wiring side of the circuit board 106.

In the FIG. 12 is a plan view of the postal security module of the second variant shown. The potting compound 105 surrounds the first part of the circuit board 106 in a cuboid, while the second part of the circuit board 106 for the two light emitting diodes 107 and 108, the interchangeably arranged battery 134 and the connector 127 (not visible here) remains free of potting compound. The battery contact terminals 103 and 104 are in the FIG. 12 covered by the battery, but as well as the connector 127 in the side view after 13a visible, noticeable.

The potting of the first part of the circuit board 106 shows neither openings nor elevations and thus offers fewer points of attack for manipulation in criminal intent. The potting material 105 is preferably a two-component epoxy resin or polymer or plastic. Suitable is a potting compound from STYCAST®2651-40 FR from EMERSON & CUMING with preferably CATALYST 9 as the second component. In the production of the encapsulation, both components are mixed and applied to both sides of the circuit board 106 in the first part. The latter can be done for example by immersion in the fresh mixture. Now, a protective and / or sensor layer, which is not visible from the outside after a final external encapsulation, can be attached, which forms a firm connection with the latter during hardening of the encapsulation material 105. After the final outer encapsulation, the potting compound hardens to the solid opaque potting material 105.

The FIGS. 13a or 13b show a view of the security module of the second variant respectively from the right and from the left. The position of the connector 127 with the contact groups 101 and 102 below the circuit board 106 is from the Figures 13a and 13b combined with FIG. 12 more visible.
Alternatively, for example, a connector 127 may be mounted on top of the second part of the circuit board 106, not shown.

In principle, of course, another signal means can be used in conjunction with a postal device.
According to the invention, the postal device, in particular a franking machine. The security module can then be approved as a postal security device PSD (POSTAL SECURITY DEVICE) by the respective postal authority.

The security module or PSD also have a different design, which makes it possible that it can be plugged, for example, on the motherboard of a personal computer that drives a commercial printer as a PC meter.

Claims (7)

1. A security module having a logic (120, 150, 160), means for supplying the security module with a system voltage or with a voltage from a battery (134) and being provided with a number of monitoring means, comprising at least a first (120) and a second functional unit (12) as well as means for loading at least a time credit defined by the data central and a signal means (107, 108) that is connected to a first functional unit (120), wherein loading into a memory (124) of the security device is effected upon installation and reloading, and wherein the first functional unit (120) analyses a day credit as to lapse of time and triggers the signal means (107, 108) at least for signalling the lapse of time and moreover comprising a first line (136) for voltage supply of the second functional unit (12) with a system voltage or with a battery voltage, wherein the second functional unit (12) delivers an operating voltage via a second line (138) to a memory means (122, 124) and, in case of a lack of height of the operating voltage, contributes to a deletion of sensitive data in the memory (124) due to improper operation or upon exchange of the security module.
2. A security module according to Claim 1, characterized in that the first functional unit (120) is a processor and the second functional unit (12) is a voltage monitoring unit (12).
3. A security module according to Claim 1, characterized in that there is provided a third functional unit (13) in the form of a detection unit with switching means (1310, 1316, 1322, 1324) for resettable self-holding, said self-holding being triggered when the voltage level on a measuring voltage line (192) deviates from a predefined potential and that the processor (120) connected with the functional units (12, 13) is programmed for determining and signalling the respective status of the security module (100).
4. A security module according to Claims 2 to 3, characterized in that the processor (120) comprises the memory means (122, 124) to which an operating voltage Ub+ is fed via the second line (138) from a voltage monitoring unit (12) and that the processor (120) is supplied with a system voltage Us+ and has a fourth connection (Pin 4) for resetting the self-holding status of the detection unit (13) via a third line (137) and has a fifth connection (Pin 5) to which a fifth line (139) is connected for inquiring the status of the detection unit (13).
5. A security module according to one of Claims 1 to 4, characterized in that the security module (100) is sealed-in with a hard sealing compound (105); that the battery (134) of the security module (100) is arranged exchangeably outside the sealing compound (105) on a circuit board (106); that the circuit board (106) contains the battery contact terminals (103 and 104) for connecting the poles of the battery (134) and a second group of contacts (102) for the supply of the security module (100) with the system voltage; that the sealing compound is provided with means that warn and protect, if necessary, the security module (100) against an attack; and that at least one of the groups of contacts (101, 102) is designed for static and dynamic monitoring of the status of being connected and the status of being attacked of the security module (100).
6. A security module according to one of Claims 2 to 5, characterized in that the processor (120) of the security module is provided with connections (Pins 8, 9) for the output of at least one signal for signalling the status of the security module (100).
7. A security module according to Claim 6, characterized in that internal signal means of the module (107, 108) are connected to the I/O ports of an input/output unit (125) of the processor (120).

Images