EP1340197B1 - Method for providing postal deliveries with franking stamps - Google Patents

Description

The invention relates to a method for providing mailpieces with postage indicia, wherein a customer system controls printing of postage indicia on mailpieces.

It is known to generate a franking by reproducing digitized data in encrypted form. This method is referred to collectively briefly as PC franking because of its preferred implementation on personal computer. However, the term PC stamping is in no way limiting, since the generation of digital data can be done on any computer and is not limited to personal computers. The term "computer" is in no way limiting. This is any unit suitable for performing calculations, for example a workstation, a personal computer, a microcomputer or a circuit suitable for performing calculations. For example, it can also be a personal digital assistant (PDA).

A presentation of the franking process planned by Deutsche Post AG was made available to the public through publication on the Internet.

The presented PC franking contains several steps, in where a customer loads a postage amount, generates franking marks from the postage amount and prints them on a printer. The printout is in the form of a PC postage indicium containing a machine-readable, two-dimensional matrix code that can be used to test the validity of the postage indicium.

The mailing provided with the PC postage indicium can be delivered to the postal service provider. The postal service provider carries the consignment after verifying the validity of the franking mark.

In order to prevent improper generation of postage indicia, a reduction in the available postage amount takes place as soon as a corresponding print command has been triggered.

The problem is that after the print command is issued but before the actual postage indicium is printed, the print data may be lost. This can occur, for example, in the event of a system crash, power failure, paper jams, or a printout with an empty cartridge or empty toner cartridge.

From the European patent application EP 0 741 374 A2 goes out a system for franking mail, in which for a batch of mail a documentation file is transmitted to the postal service provider, which is used to check the Frarlkierung. Furthermore, in the case of faulty printed mailpieces, it is possible to re-apply franking markings to the mailings, with data about the mail items in question being stored in a re-run file and likewise being transmitted to the postal service provider. These data are also used in the verification of franking marks.

The known system has the disadvantage that a reimbursement of postage amounts can not be made, but in the case of error, only a reprinting is provided.

The invention has for its object to further develop a generic method so as to allow a refund of postage for mail items that do not get into the shipment, and thereby exclude abuse opportunities.

According to the invention this object is achieved by a method according to claim 1.

In particular, it is provided that it is recorded in a file for which franking markings generated by a print command do not send a mailpiece he follows.

A particularly simple refund of fee amounts is possible by the fact that the file is included in a fee reimbursement form.

The method is expediently carried out by transmitting the file and / or the fee reimbursement form to a reimbursement office.

To increase data security, it is advantageous for the transmission to be made to a server, and for the customer system to transmit identification data about the shipments that are not to be sent to the server, and for the server to forward the identification data to at least one checkpoint.

The server is preferably a logical node of a communications network, but any other computer equipped with interfaces, or any other computing unit, may be used as the server.

By transmitting the identification data, abuse of the automated reimbursement option is avoided. Verification points, which are advantageously located in letter centers, but which are also grouped outside of the mail centers, for example at one or more central locations, may have a shipment that has been delivered even though the indicium used to create them has been marked unsent by the customer system , detect.

Therefore, it is possible that the file or the fee reimbursement form are stored unencrypted in the customer system. An improper entry of information on franking values not used for sending mailpieces can be detected by sorting out of those mailings to which the letter centers have been informed that they are considered non-shipments.

Manual entry of shipment data may also be permitted by the system, since misuse of this manual input facility can be avoided.

For example, the user of the customer system can manually enter data about unshipped consignments. Such manual input can optionally be excluded or permitted, for example by introducing encryption. In the event that a manual data entry is permitted, the user of the customer system can, for example, remove a letterhead marked with a postage indicium before a mailing, for example, if he subsequently decided not to send the letterhead marked with the postage indicium.

A further increase of the data security is possible by the fact that a reimbursement of fees takes place only if the form is attached to the form via the franking notes to be refunded over the Nichtversand or the non-expression.

These documents are automatically generated, for example, by the system, for example by scanning the respective postage indicia or by logging system data on the non-printing of the postage indicium.

An electronic storage of this information is particularly advantageous because it allows automated verification.

Preferably, the shipping takes place electronically, for example by a message in a communication system, an e-mail or by entering into a web page.

Further advantages, features and expedient developments of the invention will become apparent from the dependent claims and the following description of preferred embodiments with reference to the drawings.

Fig. 1

ein Kundensystem zur Erzeugung von Freimachüngsvermerken;

Fig. 2

ein Gesamtsystem aus einem Kundensystem und einem externen Server und

Fig. 3

eine Bildschirmmaske, welche Informationen über die nicht versandte Sendung enthält.

From the drawings shows

Fig. 1

a customer system for generating indicia;

Fig. 2

a complete system of a customer system and an external server and

Fig. 3

a screen that contains information about the unshipped shipment.

This in Fig. 1 illustrated customer system includes, for example, a personal computer 1 with a screen 2, a keyboard 3, a mouse 4 and a connected printer. 5

The customer system is not dependent on the hardware shown, but can have a variety of physical forms, for example, it can be in a single Memory module, such as a chip card to be stored.

At the in Fig. 2 The overall system shown is the customer system in contact with an external server. Advantageously, the external server is formed by a charging center (value transfer center).

The server can be any computer. The term server has no restrictive meaning, but refers to the additional possibility of exchanging data selectively via interfaces.

One of the interfaces is preferably provided by the customer system. This interface, hereinafter referred to as the customer interface, allows input of data via electronically generated postage indicia not used to send postage stamps.

Preferably, the customer system includes a security module that allows tamper-proof generation of postage indicia.

The customer system is preferably part of an overall system that includes review and security mechanisms in all its components.

Another component of the overall system is, for example, a value transfer center. The properties of the value transfer center that prevent unauthorized loading of billing amounts are not shown because the customer system uses any such secure Value Transfer Center can be connected.

security architecture

For PC franking a basic security architecture is provided, which combines the advantages of different, existing approaches and offers a higher level of security with simple means.

• Ein Wertübertragungszentrum, in dem die Identität des Kunden und seines Kundensystems bekannt ist.
• Ein Sicherungsmodul, das die als nicht durch den Kunden manipulierbare Hard-/Software die Sicherheit im Kundensystem gewährleistet (z.B. Dongle oder Chipkarte bei Offline-Lösungen bzw. gleichwertige Server bei Online-Lösungen).
• Ein Briefzentrum, in dem die Gültigkeit der Freimachungsvermerke geprüft, beziehungsweise Manipulationen am Wertbetrag sowie am Freimachungsvermerk erkannt werden.

The security architecture preferably comprises substantially three units, which in a preferred arrangement in FIG Fig. 2 are shown:

• A value transfer center that knows the identity of the customer and their customer system.
• A security module that ensures the security in the customer system that can not be manipulated by the customer (eg dongle or chip card for offline solutions or equivalent servers for online solutions).
• A letter center in which the validity of the franking marks are checked, or manipulations of the value amount and the franking mark are recognized.

The individual process steps that take place in the value transfer center, customer system and letter center will be described below in the form of a schematic diagram. By contrast, the exact technical communication process differs from this basic representation (eg several communication steps to obtain a transmission shown here). In particular, in this illustration, a provided confidential and integrated communication between identified and authenticated communication partners.

customer system

1. 1. Within the backup module, a random number is generated and buffered that the customer does not notice.
2. 2. Within the security module, the random number, together with a unique identification number (security module ID) of the customer system, or the security module, combined and encrypted so that only the value transfer center is able to perform a decryption.
   In a particularly preferred embodiment, the random number is encrypted together with a previously issued by the value transfer center session key and the user data of the communication (requesting the establishment of a billing amount) with the public key of the value transfer center and digitally signed with the private key of the security module. This avoids that the request has the same form every time a billing amount is loaded and can be used for abusive loading of billing amounts (replay attack).
3. 3. The cryptographically treated information from the customer system is transmitted to the value transfer center during the loading of a billing amount. Neither the customer nor third parties can provide this information decrypt.

In practice, asymmetric encryption is used with the public key of the communication partner (value transfer center or security module).

With the possibility of a previous exchange of keys symmetric encryption is also considered.

Value transfer center

• 4. In the value transfer center, among other things, the random number which can be assigned to the identification number of the security module (security module ID) is decrypted.
• 5. By request in the database franking, the security module ID is assigned to a customer of Deutsche Post.
• 6. In the value transfer center, a charging operation identification number is formed which includes parts of the security module ID, the amount of a charging amount, etc. The decrypted random number is encrypted together with the loader ID so that only the mail center is able to decrypt. The customer, however, is unable to decrypt this information. (The load identification number is additionally encrypted in a form decipherable by the customer system). In practice, the encryption is done with a symmetric key according to TDES, the exclusively in the value transfer center and in the letter centers. The use of symmetric encryption at this point is justified by the demand for fast decryption procedures by the production.
• 7. The encrypted random number and encrypted load ID number are transmitted to the customer system. Neither the customer nor third parties can decrypt this information. By simply managing the post office's own, preferably symmetric key in the value center and mail centers, the key can be exchanged at any time and key lengths can be changed as needed. As a result, a high degree of manipulation security is ensured in a simple manner. In practice, the charging process identification number is additionally provided to the customer in non-encrypted form.

customer system

• 8. As part of the preparation of an indicium, the customer collects the shipment-specific information or shipment data (such as postage, shipment type, etc.) that are transferred to the security module.
• 9. Within the backup module, a hash value is formed, among other things, from the following information
  • Excerpts from the shipment data (eg postage, type of shipment, date, postal code, etc.),
  • the cached random number (generated during the process of loading a billing amount)
  • and optionally the charge identification number.
• 10. The following information is included in the franking mark:
  • Excerpts from the shipment data in plain text (eg postage, type of shipment, date, postal code, etc.),
  • the encrypted random number and the encrypted loader identification number from the value transfer center and
  • the hash value formed within the security module of shipment data, random number, and charge identification number.

letter center

• 11. In the letter center, the shipment data is first checked. If the shipment data included in the franking mark does not agree with the consignment, then either an incorrect franking, an imaginary or a smear stamp is available. The consignment is to be paid.
• 12. In the mail center, the random number and the loading service identification number, which were transferred to the customer system as part of the billing amount, are decrypted. For this, only one (symmetric) key is required in the mail center. However, using individual keys would require a plurality of keys instead.
• 13. In the mail center, a hash value is obtained from the following information according to the same procedure as in the backup module educated:
  • Excerpts from the shipment data,
  • the decrypted random number
  • the decrypted loader ID.
• 14. In the mail center, the self-generated and the transmitted hash value are compared. If both agree, then the transmitted hash value has been formed with the same random number which was also transmitted to the value transfer center during the loading of the settlement amount. Accordingly, it is both a genuine, valid billing amount and shipment data that has been announced to the security module (validity check). In terms of complexity, the decryption, the formation of a hash value and the comparison of two hash values theoretically correspond to those of a signature check. Due to the symmetric decryption, however, there is a time advantage over the signature check.
• 15. By means of a countercheck in the background system, deviations between charged settlement amounts and franking amounts can subsequently be determined (check with regard to consignment duplicates, balancing in the background system).

The illustrated basic security architecture does not include the separately secured administration of the settlement amounts (stock exchange function), the security of the communication between customer system and the value transfer center, the mutual identification of customer system and value transfer center and the Initialization for safe startup of a new customer system.

Attacks on the security architecture

• Dritte können die im Internet mitgeschnittene (kopierte) erfolgreiche Kommunikation zwischen einem Kundensystem und dem Wertübertragungszentrum nicht zu betrügerischen Zwecken nutzen (Replay-Attacke).
• Dritte oder Kunden können gegenüber dem Wertübertragungszentrum nicht die Verwendung eines ordnungsgemäßen Kundensystems durch ein manipuliertes Kundensystem vortäuschen. Spiegelt ein Dritter oder ein Kunde die Übertragung einer Zufallszahl und einer Safe-Box-ID vor, die nicht innerhalb eines Sicherungsmoduls erzeugt wurden, sondern ihm bekannt sind, so scheitert das Laden der Abrechnungsbeträge entweder an der separat durchgeführten Identifikation des rechtmäßigen Kunden durch Benutzername und Kennwort oder an der Kenntnis des privaten Schlüssels des Sicherungsmoduls, der dem Kunden unter keinen Umständen bekannt sein darf. (Deshalb ist der Initialisierungsprozess zur Schlüsselerzeugung in dem Sicherungsmodul und die Zertifizierung des öffentlichen Schlüssels durch den Kundensystemanbieter geeignet durchzuführen.)
• Dritte oder Kunden können nicht mit einem vorgetäuschten Wertübertragungszentrum gültige Abrechnungsbeträge in ein Kundensystem laden. Spiegelt ein Dritter oder ein Kunde die Funktionalität des Wertübertragungszentrums vor, so gelingt es diesem vorgespiegelten Wertübertragungszentrum nicht, eine verschlüsselte Ladevorgangsidentifikationsnummer zu erzeugen, die im Briefzentrum ordnungsgemäß entschlüsselt werden kann. Zudem kann das Zertifikat des öffentlichen Schlüssels des Wertübertragungszentrums nicht gefälscht werden.
• Kunden können nicht unter Umgehung des Wertübertragungszentrums einen Freimachungsvermerk erstellen, dessen Ladevorgangsidentifikationsnummer derart verschlüsselt ist, dass sie im Briefzentrum als gültig entschlüsselt werden könnte.

The described security architecture is secure against attacks by:

• Third parties can not use the copied (copied) successful communication between a customer system and the value transfer center on the Internet for fraudulent purposes (replay attack).
• Third parties or customers can not pretend to the value transfer center to use a proper customer system through a compromised customer system. If a third party or a customer notifies the transmission of a random number and a safe box ID which were not generated within a security module but are known to it, the charging of the settlement amounts either fails due to the separately performed identification of the legitimate customer by user name and Password or knowledge of the private key of the backup module that the customer may under no circumstances know. (Therefore, the initialization process for key generation in the backup module and the certification of the public key by the customer system provider are to be performed appropriately.)
• Third parties or customers can not load valid billing amounts into a customer system with a fake value transfer center. If a third party or a customer reflects the functionality of the value transfer center, this mirrored value transfer center will not succeed in encrypting To generate a load history identification number that can be properly decrypted in the mail center. In addition, the certificate of the public key of the value transfer center can not be forged.
• Customers can not create an indicium bypassing the value center, whose load history identification number is encrypted so that it could be decrypted as valid at the mail center.

• Die Länge der Zufallszahl ist daher möglichst groß und beträgt vorzugsweise mindestens 12 byte (96 bit).
  Die eingesetzte Sicherheitsarchitektur ist durch die Möglichkeit, kundenspezifische Schlüssel einzusetzen, ohne dass es notwendig ist, in zur Entschlüsselung bestimmten Stellen, insbesondere Briefzentren, Schlüssel bereit zu halten, den bekannten Verfahren überlegen. Diese vorteilhafte Ausgestaltung ist ein wesentlicher Unterschied zu den bekannten Systemen nach dem Information-Based Indicia Program (IBIP).

To increase the data security, especially when searching, an unlimited number of random numbers for hash value formation is used.

• The length of the random number is therefore as large as possible and is preferably at least 12 bytes (96 bits).
  The security architecture used is superior to the known methods in that it is possible to use customer-specific keys without it being necessary to hold keys ready for decryption, in particular letter centers. This advantageous embodiment is an essential difference to the known systems according to the Information-Based Indicia Program (IBIP).

Advantages of the security architecture

• Die eigentliche Sicherheit wird in den Systemen der Deutschen Post (Wertübertragungszentrum, Briefzentrum, Entgeltsicherungssystem) gewährleistet und liest damit vollständig im Einflussbereich der Deutschen Post.
• Es werden im Freimachungsvermerk keine Signaturen, sondern technisch gleichwertige und ebenso sichere (symmetrisch) verschlüsselte Daten und Hash-Werte angewandt. Hierzu wird im einfachsten Falle nur ein symmetrischer Schlüssel verwendet, der alleine im Einflussbereich der Deutschen Post liegt und somit leicht austauschbar ist.
• Im Briefzentrum ist eine Überprüfung aller Freimachungsmerkmale (nicht bloß stichprobenweise) möglich.
• Das Sicherheitskonzept basiert auf einem einfachen, in sich geschlossenen Prüfkreislauf, der in Einklang mit einem hierauf angepassten Hintergrundsystem steht.
• Das System macht selbst ansonsten kaum feststellbare Dubletten erkennbar.
• Ungültige Phantasiemarken sind mit diesem Verfahren mit hoher Genauigkeit erkennbar.
• Neben der Plausibilitätsprüfung kann bei allen Freimachungsvermerken eine Überprüfung der Ladevorgangsidentifikationsnummer in Echtzeit erfolgen.

The following features characterize the security architecture described in comparison with the known IBIP model of the US Postal Service of the USA:

• The real security is in the systems of Deutsche Post (value transfer center, letter center, pay-as-you-go system) guarantees and reads completely within the sphere of influence of Deutsche Post.
• The signatures do not use any signatures but technically equivalent and equally secure (symmetric) encrypted data and hash values. For this purpose, in the simplest case, only a symmetrical key is used, which is alone in the sphere of influence of Deutsche Post and thus easily replaceable.
• In the letter center a check of all franking characteristics (not only on a random basis) is possible.
• The safety concept is based on a simple, self-contained test cycle that is in line with a background system adapted to it.
• The system makes even otherwise barely detectable duplicates recognizable.
• Invalid phantasy marks are recognizable with this method with high accuracy.
• In addition to the plausibility check, a check of the charge identification number can take place in real time for all franking marks.

shipment types

With the PC franking, all products of the forwarding service provider such as "letter national" (including additional services) and "direct marketing national" can be cleared by the forwarding service provider according to a previous specification.

A deployment for other forms of delivery such as parcel and express shipments is equally possible.

The amount of charge that can be loaded at the maximum via the value transfer center is set to an appropriate amount. The amount can be selected according to the customer's requirement and the security needs of the postal service provider. While a fee amounting to a maximum of several hundred DM is particularly expedient for use in the private customer sector, substantially higher fee amounts are provided for use with large customers. An amount of about DM 500, suitable for demanding households as well as for freelancers and smaller companies. The value stored in the exchange should preferably not exceed twice the value of the system.

False-franked shipments

False-franked, not printed, already printed letters, envelopes, etc. with a valid franking mark will be credited to the customer.

Through appropriate measures, for example by stamping incoming shipments in the mail center, it is possible to determine whether a shipment has already been transported. This prevents customers from receiving already carried shipments from the recipient and submitting them for credit to the post office operator, for example Deutsche Post AG.

The return to a central point of the

Dispatch service provider, for example, Deutsche Post, enables a high level of remuneration protection by comparing the data with billing amounts and the knowledge of the most common reasons for sending. This is possible the possibility of follow-up by changing the introductory requirements with the aim of reducing the return rate.

Validity of franking values

For example, billing values purchased by the customer are only valid for 3 months for reasons of payment security. A corresponding note must be included in the agreement with the customer. If franking values can not be used up within 3 months, the customer system must establish contact with the value transfer center for a new production of franking marks. During this contacting, as with the regular loading of billing amounts, the balance of an old billing amount is added to a newly issued billing amount and made available to the customer under a new loading service identification number.

Special occupational treatment

• PC-frankierte Sendungen können über alle Einlieferungsmöglichkeiten, auch über Briefkasten, eingeliefert werden.

In principle, the postage indicia may have any desired form in which the information contained in them can be reproduced. However, it is expedient to design the postage indicia so that they have the form of barcodes at least partially. In the illustrated solution of the 2D barcode and the resulting remuneration protection, the following peculiarities in production must be taken into account:

• PC-franked shipments can be delivered via all delivery options, also via letterbox.

By establishing licensing requirements for manufacturers of components of the franking system that are relevant for the interfaces, in particular for manufacturers and / or operators of customer systems, compliance with the security measures presented is further increased.

General Standards, Standards and Standards International Postage Meter Approval Requirements (IPMAR)

Preferably, the provisions of the current version of the document International Postage Meter Approval Requirements (IPMAR), UPU S-30, as well as all standards and standards referred to in this document are applicable. The widest possible compliance with all the "requirements" mentioned there makes sense for the customer system.

Digital Postage Marks: Applications, Security & Design In general, the terms of the current version of the Digital Postage Marks: Applications, Security & Design (UPU: Technical Standards Manual) document apply to all standards and standards referenced in this document. Compliance with the "normative" content as well as the most extensive consideration of the "informative" content of this document makes sense for the customer system.

Preferably, in addition to the higher standards and standards, regulations and provisions of the respective shipping service company also apply.

By the admission of only such systems, which fulfill all legal regulations as well as all norms and standards of the forwarding service provider, become Data security and reliability of the system as well as its user-friendliness.

Other laws, regulations, directives, regulations norms and standards

In principle, all laws, regulations, directives, regulations, standards and standards of the respectively valid version apply, which have to be considered for the development and operation of a technical customer system in its concrete form.

System-technical interoperability

System-technical interoperability refers to the functionality of the interfaces of the customer system or to compliance with the specifications specified in the interface descriptions.

Interface billing amount Communication path, protocols

The communication via the interface billing amount preferably takes place via the public Internet on the basis of the protocols TCP / IP and HTTP. The data exchange can optionally be encrypted via HTTP over SSL (https). Shown here is the target process of a required transmission.

The data exchange preferably takes place, if possible, via HTML and XML-coded files. The textual and graphical contents of the HTML pages are to be displayed in the customer system.

It seems to be commendable to use a proven HTML version of the communication pages and the Use of frames, embedded objects (applets, ActiveX, etc.) and possibly animated GIFs.

Login to load a billing amount (first transfer from the backup module to the value transfer center)

As part of the first transfer from the security module to the value transfer center, the certificate of the security module as well as an action indicator A are transmitted unencrypted and unsigned.

Feedback on registration (first answer from the value transfer center to the security module)

The value center feedback contains the certificate of the value center, an encrypted session key, and the digital signature of the encrypted session key.

Second transfer from the backup module to the value transfer center

As part of this transfer, the backup module sends the re-encrypted session key, encrypted random number and encrypted record of payload (amount of preloaded billing amount, residual value of current billing amount, ascending register of all billing amounts, last load transaction identification number - all asymmetrically with the public key of the At the same time, the backup module sends the digital signature of this encrypted data, and at the same time, the customer system can send other unencrypted and unsigned usage logs or usage profiles to the value center.

It is expedient that the usage data is entered in a usage log and that the usage log and / or the entries noted therein are digitally signed.

Second response from the value transfer center to the backup module

The value transfer center transmits the symmetrically encrypted random number and the symmetrically encrypted load ID number to the backup module. In addition, the value transfer center transmits the loader ID, backup module login information, and a new session key created with the backup module's public key to the backup module. The entire transmitted data is also digitally signed.

Third transfer from the security module to the value transfer center

As part of the third transmission, the security module transmits the new session key, the new charge identification number together with payload data for confirming the successful communication, all in encrypted and digitally signed form to the value transfer center.

Third response from the value transfer center to the security module

In the third response, the value transfer center acknowledges the success of the transfer without using cryptographic methods.

uninstall

The possibility of uninstalling the customer system must be possible by the customer.

The detailed, technical description of the Interface Settlement Amount is provided with the concept of the Postal Value Transfer Center.

Usage protocol and usage profile

Within the framework of each generation of a franking mark, a log entry must be generated in the customer system which must contain all the information of the respective franking mark provided with a digital signature of the security module. Furthermore, every error status of the backup module must be recorded in the log in such a way that the manual deletion of this entry is detected during the check.

The usage profile contains a prepared summary of usage data since the last communication with the value transfer center.

If a customer system is divided into a component located at the customer and a central component (for example, on the Internet), then the usage profile must be maintained in the central component.

Interface franking mark Components and characteristics

The customer system must be able to generate PC franking markings which correspond exactly to the specifications of Deutsche Post or the framework of the current CEN and UPU standards.

• Einem 2-dimensionalen Strichcode, Barcode oder Matrixcode, in dem sendungsspezifische Informationen in maschinenlesbarer Form dargestellt sind. (Zweck: Automatisierung in der Produktion und Entgeltsicherung der Deutschen Post.)
• Text in Klarschrift, der wichtige Teile der Strichcode-Information in lesbarer Form wiedergibt. (Zweck: Kontrollmöglichkeit für den Kunden sowie in der Produktion und Entgeltsicherung der Deutschen Post.)
• Eine den Versendungsdienstleister, beispielsweise die Deutsche Post, kennzeichnende Marke wie beispielsweise ein Posthorn.

PC postage indicia preferably consist of the following three elements:

• A 2-dimensional bar code, bar code or matrix code in which broadcast-specific information is displayed in machine-readable form. (Purpose: Automation in production and payment protection of Deutsche Post.)
• Text in plain text rendering important parts of the barcode information in readable form. (Purpose: Control options for the customer as well as in the production and payment protection of Deutsche Post.)
• A brand, such as a posthorn, that characterizes the forwarding service provider, for example Deutsche Post.

Specification of the data content

The barcode and plaintext of the PC postage indicium conveniently contain the following information:

Table: Contents of the PC franking mark

Described here is only the content of the franking mark. The regulations of the sending service provider for the content of the address information remain valid unchanged.

Specification of physical expression Paper (layout)

The franking mark is advantageously attached in the address field left-aligned above the address on the consignment.

• Aufdruck auf den Briefumschlag,
• Aufdruck auf Klebeetiketten oder
• Verwendung von Fensterbriefumschlägen derart, dass der Aufdruck auf den Brief durch das Fenster vollständig sichtbar ist.

The address field is specified in the currently valid version of the standards of the shipping service provider. In particular, the following postage stamps are made possible:

• Imprint on the envelope,
• Imprint on adhesive labels or
• Use of window envelopes such that the imprint on the letter through the window is completely visible.

• Verwendet wird zunächst der Strichcode vom Type Data Matrix, dessen einzelne Bildpunkte eine Kantenlänge von mindestens 0,5 Millimeter aufweisen sollten. Im Hinblick auf lesetechnische Voraussetzungen sollte ein 2D-Barcode in Form der Data Matrix mit einer minimalen Pixelgröße von 0,5 mm bevorzugt zur Anwendung kommen. Eine ggf. zweckmäßige Option besteht darin, die Pixel-Größe auf 0,3 mm zu reduzieren.
  Bei einer Darstellungsgröße von 0,5 mm pro Pixel ergibt sich eine Kantenlänge des gesamten Barcodes von ca. 18 bis 20 mm, wenn alle Daten wie beschrieben eingehen. Falls es gelingt, Barcodes mit einer Pixelgröße von 0,3 mm in der ALM zu lesen, lässt sich die Kantenlänge auf ca. 13 mm reduzieren.
  Eine nachträgliche Erweiterung der Spezifikationen auf die Verwendung eines anderen Barcodes (z.b. Aztec) bei gleichen Dateninhalten ist möglich.

The following applies to the individual elements of the franking mark:

• Initially, the barcode of the Type Data Matrix is used, whose individual pixels should have an edge length of at least 0.5 millimeters. With regard to reading technology requirements, a 2D barcode in the form of the data matrix with a minimum pixel size of 0.5 mm should preferably be used. An optional option is to reduce the pixel size to 0.3 mm.
  With a display size of 0.5 mm per pixel results in an edge length of the entire barcode of about 18 to 20 mm, if all data received as described. If it is possible to read barcodes with a pixel size of 0.3 mm in the ALM, the edge length can be reduced to approx. 13 mm.
  A subsequent extension of the specifications to the use of another barcode (eg Aztec) with the same data content is possible.

A preferred embodiment of the layout and the positioning of the individual elements of the franking mark is shown by way of example in FIG. 5 below.

The "most critical" size is the height of the illustrated window of a window envelope with a size of 45 mm x 90 mm. A DataMatrix code with an edge length of approx. 13 mm is shown here, which is possible only with a pixel resolution of 0.3 mm when using the proposed data fields. A code with an edge length of 24 mm does not allow sufficient space for address information regarding the available height.

Print quality and readability

Responsible for the impeccable imprint of the franking mark are the manufacturer of the customer system within the scope of the approval procedure as well as the customer in later operation. For this purpose, the customer must be informed by means of suitable instructions in a user manual and a help system. This is especially true for the clean adherence of labels and the prevention of slippage (of parts) of the indicium outside the visible range of window envelope.

The machine readability of franking marks depends on the used printing resolution and the contrast. Should instead of black and other colors for Application, it is to be expected with a lower reading rate. It can be assumed that the required read rate can be ensured at a resolution of 300 dpi ("dots per inch") used in the printer with high printing contrast; this corresponds to about 120 pixels per centimeter.

test Prints

The customer system must be able to produce indicia that are in size and size valid indicia, but are not destined for shipping but serve for control printouts and printer fine adjustments.

Preferably, the customer system is designed so that the test prints differ from actual indicia in a manner recognizable to the mailing company. For this purpose, for example, in the middle of the franking mark the inscription "PATTERNS - do not ship" attached. At least two thirds of the barcode should be obscured by the inscription or otherwise.

In addition to genuine (paid) franking marks, except for separately marked test prints, no zero prints may be used. getting produced.

Requirements for the customer system Base System Overview and functionality

The base system serves as a link between the other components of the PC franking, namely the value transfer center, the security module, the printer and the customer. It consists of one or more computer systems, for example PCs, which may possibly also be interconnected by a network.

The invention makes it possible to interrupt the further process of calculating a fee amount in various steps of the production of franking marks.

Claims (6)

1. A method for providing mailpieces with postage indicia, whereby a customer system controls the printing of postage indicia on mailpieces, characterized in that an entry is made in a file indicating which postage indicia generated by a printing command were not associated with the sending of a mailpiece, and in that the customer system transmits identification data to a server pertaining to mailpieces that are not to be sent, in that the server forwards the identification data to at least one checking station, and in that the checking station recognizes a mailpiece that has been mailed even though the postage indicium used by the customer system to generate it was marked as not sent.
2. The method according to Claim 1, characterized in that the information of the file is incorporated into a fee refund form.
3. The method according to one or both of Claims 1 or 2, characterized in that the file and/or the fee refund form are transmitted to a refund station.
4. The method according to Claim 3, characterized in that the transmission is made to a server.
5. The method according to one or more of the preceding claims, characterized in that the transmission takes place via an e-mail.
6. The method according to one or more of the preceding claims, characterized in that the transmission is made to a website.

Images