GB2211644A - Reliable document authentication system - Google Patents

Reliable document authentication system Download PDF

Info

Publication number
GB2211644A
GB2211644A GB8828988A GB8828988A GB2211644A GB 2211644 A GB2211644 A GB 2211644A GB 8828988 A GB8828988 A GB 8828988A GB 8828988 A GB8828988 A GB 8828988A GB 2211644 A GB2211644 A GB 2211644A
Authority
GB
United Kingdom
Prior art keywords
key
party
encryption
decryption
authenticating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB8828988A
Other versions
GB2211644B (en
GB8828988D0 (en
Inventor
Jose Pastor
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Pitney Bowes Inc
Original Assignee
Pitney Bowes Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US07/136,251 external-priority patent/US4853961A/en
Priority claimed from US07/140,051 external-priority patent/US4893338A/en
Application filed by Pitney Bowes Inc filed Critical Pitney Bowes Inc
Publication of GB8828988D0 publication Critical patent/GB8828988D0/en
Publication of GB2211644A publication Critical patent/GB2211644A/en
Application granted granted Critical
Publication of GB2211644B publication Critical patent/GB2211644B/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1016Devices or methods for securing the PIN and other transaction-data, e.g. by encryption
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B07SEPARATING SOLIDS FROM SOLIDS; SORTING
    • B07CPOSTAL SORTING; SORTING INDIVIDUAL ARTICLES, OR BULK MATERIAL FIT TO BE SORTED PIECE-MEAL, e.g. BY PICKING
    • B07C1/00Measures preceding sorting according to destination
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2147Locking files
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • G07B2017/00741Cryptography or similar special procedures in a franking system using specific cryptographic algorithms or functions
    • G07B2017/0075Symmetric, secret-key algorithms, e.g. DES, RC2, RC4, IDEA, Skipjack, CAST, AES
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • G07B2017/00741Cryptography or similar special procedures in a franking system using specific cryptographic algorithms or functions
    • G07B2017/00758Asymmetric, public-key algorithms, e.g. RSA, Elgamal
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • G07B2017/00822Cryptography or similar special procedures in a franking system including unique details
    • G07B2017/0083Postal data, e.g. postage, address, sender, machine ID, vendor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • G07B2017/00846Key management
    • G07B2017/00854Key generation
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • G07B2017/00846Key management
    • G07B2017/0087Key distribution
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • G07B2017/00846Key management
    • G07B2017/00895Key verification, e.g. by using trusted party
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • G07B2017/00911Trusted party

Abstract

A system for reliably authenticating a document includes a device having a decryption key D1 therein that, upon application to information provided by a user, reveals not only a plain text message M1 indicating the source of the authentication but, in addition, provides the decryption key Di for use with the information P provided by the mailer. <IMAGE>

Description

2211644 DOCUMENT AUTHENTICATION SYSTEM The present invention generally
relates to document authentication systems, to methods for authenticating documentst to encryption apparatus, to apparatus for authenticating a document and to key generators.
Throughout history one of the tasks undertaken by many people and organizations has been proving the authenticity of documents. The importance of actually proving the authenticity of a document can range from merely identifying a signature to verifying military and/or political intelligence. Further, as often as one tries to demonstrate the authenticity of a document, there is usually at least one party that attempts to forge a document. Hence, 2,0 there has been, and probably will continue to be, an ongoing struggle to be able to reliably authenticate documents.
Over the years technological advances have brought new meaning to the word "document". Today, a document may be, for example, an electronically generated receipt from a banking machine or a digitized recording on an optical recording disk. For the purpose of this patent application, therefore, the word "document" should be interpreted to include any information placed on any medium including, but not limited to, magnetic disks, optical disks or paper.
2 Another similar task that has just as colorful a history as document authentication is the secure communication of information between two parties. Such secure communication of information commonly includes the use of encryption/decryption techniques. Similar to the forger referred to above, there is usually at least one party that is interested in either stealing the information being communicated that has been encrypted or supplying false information in an encrypted format so that the receiver thereof is disinformed or both. Hence, throughout history various encryption/decryption schemes have been developed that, at least for a time, were thought to be secure only to discover that the security had been compromised. Again, technological advances have considerably changed the field of cryptography. For example, with modern computers many cryptographic techniques can be broken in a relatively short period of time due, primarily, to the speed that computers perform mathematical operations.
One presently secure cryptographic technique is generally known as the public key cryptographic system. One particular form of such a system is fully described-and discussed in the basic article entitled "A Method for Obtaining Digital Signatures and Public Key Cryptosystems11 by R. L. Rivest, A. Shamir and L. Adelmann, Volume 21 #2, February 1978, Communications of ACM pages 120-126. This particular system is frequently referred to as the RSA public key cryptosystem.
Public key techniques, as pointed out in the article entitled "Public Key Cryptography" by John Smith, in the January 1983 edition of Byte Magazine, pages 189-218, usually include two different kinds of keys: encryption keys and.
decryption keys. These keys includes the properties that:
a) it is possible to compute a pair of keys including an encryption key and a decryption key; b) such that, for each pair, the decryption key that is not the same as the encryption key; and c) it is not feasible to compute the decryption key even from the knowledge of the encryption key.
In addition, in such a cryptosystem, the encryption and decryption keys are functionally reversible, i.e. if one key is used to encrypt the other key can be used to decrypt whatever has been encrypted.
As known, the name "public key" is derived from the fact that each party's encryption key is available, i.e. public, to all parties subscribing to the particular public key network involved., Hence, as currently used, public key cryptographic systems are designed for the direct communication between any two subscribing parties, each party having an unpublished decryption key and a published encryption key.
The public key cryptographic system has also found use in providing accurate identification of the source of a document. As discussed on pages 217-218 of the Smith article, a sender can effectively sign a message by first eneryptingthe message, or an authenticating portion thereof, such as, for example,---thename of the sender using the private decryption key of the sender and then encrypt the message with -the -.public encryption -key of -the receiving party. This results in a message portion that only the sender could have created and only the receiver can read.
Hence, two party communication can, so long as public key cryptographic systems are secure, be implemented in such a fashion that -the -authenticity -of a.document can be ensured.
Nonetheless, there remain many instances where there is a need, or desire, for a third party to authenticate a document relevant to, or communicated between, two other parties. One example of such a situation would exist if a first party were required, or simply desired, to prove, or demonstrate, the authenticity of a particular document to a second party. In such a situation, it could be most beneficial if a third party could provide a means for authenticating that document. One particular situation could exist where a dispute over the authenticity of a document arose between two parties and an impartial third party was selected to resolve the issue to the satisfaction of both parties. Such a situation might arise when, in accordance with an agreement between two parties, one of the parties was to maintain certain records such that the second party could review those records to ensure compliance with the agreement.
In such a situation it would be most beneficial if a third party were available to demonstrate the accuracy/inaccuracy of the records to the auditing second party.
Another more widely known situation that is representative of third-party authentication of a document is in the mail handling field wherein a mailer must prove to a postal delivery service the authenticity of having paid for the postage for a particular mailing. Currently, the United States Postal Service (USPS) accepts the indicia on an envelope applied by a mailer as representing that the postage required for the delivery of that envelope has been paid. In fact, in many instances, the indicia is applied by, for example, a leased postage meter and the manufacturer of the postage meter ensures that when that postage meter is actuated to print the indicia, the postage, or the monetary value of the postage, has been paid to the USPS. At the present time, postage meters apply the indicia to an envelope via a mechanical printing means such as a drum having the indicia etched thereon or via the impressing of a platen upon an envelope. However, due primarily to technological advances, the wide spread use of contactless-printing has made it desirable to utilize such techniques in a mail handling system. However, the use of contactless printing techniques, at the present time, can lead to inaccurate accounting unless secure techniques are provided.
One secure technique-would be the use of the common encryption techniques wherein a mailer would have a cryptographic key that would allow the mailer to encrypt information and place that information on the envelope. The USPS, for example, could then, by using an identical cryptographic.keym decrypt the information on the envelope and ensure that the proper postage for the delivery thereof has been paid. one major drawback of such a system, of course, is that there exists many thousands of mailers and hence, the USPS would be required to maintain a very large data base of cryptographic keys to enable it to decrypt all the different encryption keys distributed to the various mailers.
Consequently. it would be highly desirable to provide a system for reliably authenticating documents in general and, in particular, to reliably authenticate postage information.placed on a mailing document.
Accordingly, it is one object of the present invention to provide a reliable document authenticating system that substantially completely overcomes the above- recited drawbacks.
This object may be accomplished, at least in part, by a system employing public key c M tographic techniques.
According to one aspect of the invention, there is provided a public key c M tosystem for authenticating third party documents comprising:
means, originating from a first party and provided to a second party, for authenticating documents from a third party, said documents having associated therewith information encrypted in accordance with encryption means-originating from said first party.
According to another aspect of the invention there is provided a system for authenticating documents comprising:
an authentication source including means for providing.a_first public-key en=yption key to a third party; means, associated with said source, for providing an authentication message to said third party for application to said document, said authentication message being encrypted by a second public key encryption key and including the decryption key for said first public key encryption key; and means, associated with said source, for providing the decryption key corresponding to said second public key encryption key to an authenticating service such that said authentication message may be decrypted.
According to another aspect of the invention there is provided a method for authenticating third party documents using a public key cryptosystem; said method comprising the step of:
authenticating documents from a third party using means originating from a first party and provided to a second party, said documents having encrypted information associated therewith, said encrypted information being generated in accordance with encryption means originating from said first party.
According to another aspect of the invention there is provided a method for authenticating a document comprising: providing an authentication source, including means for providing a first public key encryption key to a third party;.20 providing, at said source, an authentication message to said third party for application to said document, said authentication message being encrypted by a second public key encryption and including the decryption key for said first public key encryption key and further encrypted by said decryption key for said first public key enc M tion key; and providing. from said source, the decryption key corresponding to said second public key encryption key to an authenticating service such that said authentication message may be decrypted.
According to a further aspect of the invention there is provided encryption apparatus comprising means for encrypting information according to an encryption key of a first encryption-decryption pair and for imprinting the encrypted information on a document together with an encrypted version of an authorising message.
According to a further aspect of the invention, there is provided a method of encryping including encrypting information according to an encryption key of a first encryption-decryption pair and imprinting the encrypted information on a document together with an encrypted version of an authorising message.
According to another aspect of the.invention, there is provided a key generator comprising: means for generating a first encryption-decryption pair; processing means for producing an encrypted version of an authorisation message according to the encryption key of a further encryption-decryption pair; and communicating means for communicating the encryption key of said first pair and said encrypted version to a key user and for communicating the decryption key of said further pair to an authenticator.
Other objects and advantages will become apparent to those skilled in the art from the following detailed description read in conjunction with the appended claims and the drawings attached hereto.
For a better understanding of the invention, and to show how the same may be carried into effect, reference will now be made, by way of example, to the accompanying drawings, in which: Figure 1 is a conceptual diagram of a system embodying the principles of the present invention; and 30 Figure 2 is a block diagram of a system embodying the principles of the present invention; and Figure 3 is a diagram representing the flow of information in the system shown in Figure 2. In order to facilitate the understanding of the description of the present invention as it relates to an operative system that is fully described hereinafter with respect to Figures 2 and 3, the following conceptualization is provided. A neutral third party, generally indicated as an authenticating source 10 in Figure 1, establishes a number of encryption/decryption public key pairs. When a user 12 wishes to take advantage of the service offered by the authenticating source 10, a pair of keys are selected and assigned to the user 12 when he joins the service. That is the user 12 is provided with the key E 2 of the pair E 2 D 2. The user 12 is then preferably provided with a box 13 that contains further boxes 14 and 18. Box 13 is locked with lock 100. Lock 100 has been locked with the key D 2 that can be unlocked only by the key E 2 User 12 unlocks the lock 100 with key E 2 and opens box 13 to find first and second boxes 14 and 18. Alternatively. the user 12 may only be provided with the first box 14 and the second box 18. Regardless, the first box 14 has an open lock 16, the lock 16 representing the encryption/decryption operations with the assigned pair of keys E 2 D 2 In addition, the user 12 is provided with a second box 18 that is locked by lock 20, the locked box 18 being locked via the encryption key El of an unassigned pair of keys, E1D1, the unassigned encryption key EI being maintained in absolute privacy by the authenticating source 10. The second box 18, essentially, _contains a certificate 22 indicative of the authenticating source 10 and the decryption key (D2) 24 of the assigned pair of keys to open the locked box 14 provided to the user 12 in an unlocked condition. The user 12 then places information, or documentation, that is unique to the user 12 within'the unlocked first box 14 and closes the lock 16 with key E2.
The user 12, in this conceptualization, would then take both locked boxes 14 and 18 to the authentication service 26. The authentication service 26 is provided with the decryption key D1 28 by the authenticating source 10. This key DI is.common to all the locks of all of the second boxes 18 created by the authenticating source 10. - The corresponding encryption key El of the unassigned pair of keys, as mentioned above, is maintained in privacy by the authenticating source 10.
Hence, to authenticate the document provided from the user 12, the authentication---service-26 simply unlocks, i.e.
decrypts, the locked second box 18 and immediately recognizes the certiLcate 22 of authenticity from the authenticating source 10. Should the authentication service 26 then wish to ascertain, for verification thereof or for any other purposet the user information, the decryption key...24 of the assigned pair of keys is now available for the authentication service 26 to unlock the first box 14 that was unlocked when provided to the user 12.
As a result, any number of users 12'can request any encryption kem for number o9 unlocked xes 14 whereinto they wish to place information for authentication by the authentication service 26. However, the authentication -service 26 needs to retain only the single decryption key 28 corresponding to all of the locks of all of the second locked boxes 18 provided to the users 12. Thus, each second box 18, as mentioned above, contains both the certificate 22 of authenticity and the decryption key 24 of the assigned pair-of keys to unlock the first box 14 containing user information.
It should be clear from the above description that there is no public key in this "public Key" cryptography system and, although the system is like a secret key system, for example, DES, "the need for the authentication service 26 to maintain a mas-sive database is eliminated since all locks of all second boxes 18 orginally given to users 12 can be unlocked by the single decryption key 28 of the unassigned pair of keys provided to the authentication service 26 by the authenticating source 10. Furthermore,'unless there is an overriding need, the simple unlocking of the locked second boxes 18 provided to users 12 by the authentication service is quite sufficient to demonstrate that the user 12 is inthe preferred embodiment, operating within the system becauseto have access to the second box 18 the user 12 upon receipt of box 13, has is had to unlock 1-ock 100 with the key E2 that only that user 12 possesses. Hence, the user information can, in fact, be retained in privacy and complete secrecy. Further, the actual information can, nonetheless, be accessed, should it (Dp become necessary, by use of the decryption key 2 1) or the assigned pair of keys accompa-nying the certificate 22 of authority.
As more fully discussed hereinafter, in one embodiment, the open lock 16 accompanying the first box 14 would be closed with the encryption key of the public key encryption/ decryption key -pair,- E2D2, -assigned. to the user -12. The key 24 within the locked second box 18 would be the decryption key D2 of the public key encryption/decryption key phir, E2D2 assigned to the user 12. The second box 18 is locked by encrypting the certificate 22 of authenticity and the decryption key 24 to the first box 14 with the encryption key El of the, unassigned pair of keys, thus would be represented, for example, by a string of characters. The key 28 provided to the authentication service 26 would be the decryption key D1 of the unassigned pair of keys kept private by the authenticating source. Since, at least with respect to an RSA public key cryptographic system, the security increases as the prime numbers product serving as the basis for key pair generation increases each document of the present system may include two sets of characters, each set 12 having at least one hundred characters. Typically, one set of characters would represent the encrypted user information that would generally vary for each document. The other set of characters would represent the second locked box 18 and generally would be invariant for each document generated by the user 12 of an assigned pair -of keys. Alternatively, both sets of characters could-be-mixed in a manner retrievable by the authentication service 26. In addition, the invariant set of characters.canbe--changed-at will by the authenticating source 10 without requiring any changes in the system by, for example, changing the content of the certificate 22 of authenticity. This advantage derives from the fact that the certificate 22 is originally written in plain text and-only-the... authenticating -source 10, with the El secret encryption key,' can provide encrypted messages that, upon decryption by the service 26, with key 28, produce a correct message.
It should be noted that the actual number of characters constituting the other set of invariant characters can be significantly reduced with respect to each document of a number of documents that are to be presented to the authenticating service based upon the same assigned pair of keys.
A system 29 for reliably authenticating documents is shown.in Figure 2 wherein the authenticating source 30 includes a public key pair generator 32, a processing unit 34,'a nonvolatile memory 36, a real time operating memory 38 and a communications interface 40. Preferably, the public key pair generator 32 includes'an RSA public key encryption/decryption key generator that may incorporate - therewithin an RSA encryption/decryption chip available from, for example, CYLINK of Sunnyvale, California.
The processing unit 34 can be any general purpose processor or computer, adapted to manipulate the information in accordance with-the-desired function thereof.
Preferably, the nonvolatile memory 36 can be a magnetic disk, magnetic tape or the like, accessible by the processing unit 34. The real time operating memory 38 can include, inter alia, a semiconductor random access memory or floppy disk.
In one specific embodiment, the communications interface 40 can include a telecommunication PC plug-in card. The communications interface 40 is preferably connected to both a mailer 42 and a mail service provider 44.
The mailer 42 includes an encryptor.module 46 adapted for encrypting information via an RSA public key cryptography system. In addition, the mailer 42 includes a nonvolatile memory 48 wherein the key of the assigned public key pair is stored. A compatible communications interface 50 is provided to allow remote communications with the authenticating source is 30 and a processor 52 is included to allow the manipulation of the encrypted information received inputted by the mailer 42 via the input device 54.
The mailer prepares mail by imprinting thereon, or on a document associated therewith, not only an encrypted version of mailing information, such as the amount of postage, th.e weight, the destination etc, but also data representing an encrypted version of the decryption key corresponding to the mailer's encryption key. The encryption of this data has been performed by the authenticating source using the unassigned encryption key.
Subsequent to preparing mail, the mailer 42 delivers that mail to the authenticating service 44 that, for example, can be any local post office. In this particular embodiment, the service 44 includes a decryption device 56, including a decryptor module having a nonvolatile memory associated therewith wherein the decryption key of the unassigned public key pair for this particular system is stored. The decryption key of the unassigned public key pair can, in one embodiment, be the same for every service 44 location. However, if desired, the decryption key of the service 44 locations could be, for example, geographically dependent but nevertheless, uniform throughout a particular geographical region. Nevertheless, none of the service 44 locations needs to maintain a database of keys. In addition, the authenticating service 44 includes a data entry means 58 that can be, for example, a keyboard, an optical reader or any other means for transferring information from the face of, for example, an envelope or manifest to a processor 60 within the is decryption device 56. Preferably, the decryption device 56 further includes a display 62 to provide for a rapid indication either visual or audio, of the authenticity of the information on the envelope being checked. Further, in one particular-embodiment, the decryption device 56 is adapted to communicate via a communications interface 64 with the authentication source 30.
The information flow for the typical system 29 shown in Figure 2 is more clearly depicted in Figure 3. Therein a table 66 of public key encryption/decryption key pairs is shown as would be generated by the key generator 32 of the authenticating source 30. As shown, a pair of these keys is assigned, from the table of keys to a user 42 upon request or upon a regulated change of key. Preferably, in order to enhance the speed of authentication, a message (M) in plain text is encrypted using the unassigned encryption key E 1 that is maintained in private by the authenticating source. In addition to the message, the assigned decryption key D. corresponding to the assigned encryption key E. provided to the user 42 is also encrypted using the unassigned encryption key E 1 In operation, the user-42 can then input information, such as, for example, mailing information, to an encryptor 46 and receive therefrom an encrypted output message. The encrypted output message is supplied via an output 66 to be, in one embodiment printed upon an envelope or other mailing document, by any means available to the mailer such as, for example, a contactless printer 68.
The mail is thereafter presented to the postal service 44 for payment, processing, delivery etc. At this time, the postal service 44 may elect to authenticate one or more of the mail pieces. In order to perform the authentication, the encrypted data from the face of the envelope or other mailing document is inputted-into the decryption device.56 whereupon it is decrypted by use of the decryption key D 1 of the unassigned public key pair generated by the authenticating source 30 and corresponding to the encryption key E 1 that is maintained in private. Upon decryption the authenticity is determined, i.e. the mail piece or document is correct and, in accordance with regulations set forth by the authenticity source 30. Alternatively, the display 62 can so indicate authenticity even if the specific document is not from that.user 12. The identity of the user 12, however, can be ensured if the authenticating source 10 enc M ts the message (M) and the assigned decryption key D. corresponding to the assigned encryption key E. using the assigned decryption key.D.. This is possible since the key function, i.e. encryption or decryption, is reversible. Hence, in order for the user 12 to 16 - obtain the necessary information to place on a mailing document, i.e. the encrypted message (M) and the assigned decryption key, the user 12 must first decrypt, using the assigned encryption key, the information given by the authenticating source 10. Thus. if the postal service 44 decrypts the information on the mailing document and recognizes the message (M) the identity of the user 12 is proven, since only he could have obtained the necessary information.
Advantageously, in addition to providing a reliable document authenticating system the system 29 described herein is advantageous since new pairs of keys can be assigned to mailers 42 without the post office key being updated. This is of particular interest since key synchronization, when keys are frequently altered, is difficult to maintain in many systems. For example, in systems where each-key is used only a single time and keys are used in a prearranged sequence, there is the problem that messages may not be received in order. Thus, if two messages are transposed, the destination key may not match the source key. In the present system 29 this is not a problem since the requisite decryption is, in the macroscopic scheme, common to all messages and in the user specific scheme, the decryption key information accompanies the message itself and therefore cannot possibly get out of order. Indeed, the mailer 42 could use any number of assigned keys in a random sequence, reuse keys, or not use keys at all without affecting the authentication service 44.
Further, the use of public key encryption renders security to the system 29 even if one of the links, or sites, is compromised. For example, on the link between the source to the mailer, the encryption portion and the encrypted message are transmitted. Any attempted thievery by breaking the security of this link would not provide the thief with the necessary information to decode the encryption code. As a result, the thief could not encrypt messages sent from the mailer 42 to the authenticating service 44, that the service 44 could decrypt and verify with the key the mailer received by the service.
Similarly, the service 44 has access to the decoding portion of the key provided to the mailer 42 but does not have access to the encryption portion thereof. Consequently, a party at the service 44 could not possibly forge a message purporting to come from the mailer. Equally, the service 44 has access to the decryption key of the unassigned pair, but not the encryption key, maintained by the source 30, therefore a party at the service 44 cannot create a message purporting to originate from the authenticating source 30.
Thus, in a mail handling system 29 where a substantial number of keys are used for a substantial number of mailers 42, such a system provides distinct advantages. For example, the post office need not maintain a database at all, in fact. it need only maintain a single decryption key thereby reducing security problems as well as databasing problems. Inaddition, the mailer 42 can be assigned a new key any time without concern that the post office will not be updated by the time the message so encrypted arrives. Thus, any number of keys can be used for any number of different or, in fact, identical transmissions while being completely sure that the post office can decode each and every message. Still further, the ordinary security problems related to 18 - any form of cryptographic system are compartmentalized. For example, the loss of security in one link of the system 29 does not destroy the integrity of the entire system. Furthermore, as a benefit to the mailer, while currently in some forms of mailing he is required to deposit his mail with a predesignated post office, this requirement can be removed. The removal of this requirementresults from the fact that each and every post office can be provided with the same decryption key and, as a result, any mailer 42 can deposit his mail with any post office and know that the post office receiving that mail can, nevertheless, determine the authenticity of the information carried thereon.
is It will be understood that the mailer 42 can provide the information on an envelope by using a meter rather than a contactless printing mechanism. In such an embodiment, the actuation of the.printer associated with the meter would be dependent upon receipt of proper information from the mailer 42. Such information would be conveyed as proof of payment with the mail to the post office.
Although the present system has been described herein with respect to a particular system, it will be understood that other arrangements and configurations may be developed by those skilled in the art without departing from the scope of the present invention. Consequently, the scope of the present invention is deemed limited only by the appended claims and a reasonable interpretation thereof. Reference is also directed to our copending UK Application Number $8 19197.1 of even date and entitled "System and Method for Authentication of 35 Documents" (Our Ref: C-335/P10076), the enclosure of which is hereby incorporated herein by reference.

Claims (43)

Claims:
1. A public key cryptosystem for authenticating third party documents comprising:
means, originating from a first party and provided to a second party, for authenticating documents from a third party, said documents having associated therewith information encrypted in accordance with encryption means originating from said first party.
2. A system as claimed in Claim 1 wherein said encrypted information includes means for decrypting third party encrypted information, said decryption means being accessible to said second party via said document authenticating means.
3. A system as claimed in Claim 2 wherein said document authenticating means includes a decryption key of a first public key pair and said encryption means includes a decryption key of a second public key pair encrypted using the encryption key of said first public key pair.
4. A system as claimed in any preceding claim further comprising:
means, provided by said first party to said third party, for encrypting third party information; and means for decrypting said third party information, said decryption means being accessible to said second party via said document authenticating means.
-
5. A system for authenticating a document comprising: an authentication source including means for providing a first public key enryption key to a third party; means, associated with said source, for providing an authentication message to said third party for application to said document, said authentication message being encrypted by a second public key encryption key and including the decryption key for said first public key encryption key; and means, associated with said source, for providing the decryption key corresponding to said second public key encryption key to an authenticating service such that said authentication message may be decrypted.
6. A system as claimed-in C-1aim 5 wherein said authentication message is encrypted using said decryption key for said first public key encryption key.
7. A system as claimed in Claim 5 or 6 wherein said authentication message further includes a certification message that, when said message is decrypted, provides plain text verification that said authentication message originated from said authentication source.
8. A system as claimed in any of claims 5 to 7 wherein said third party is a mailer and said first public key encryption key is used to encrypt mail-related information.
9. A system as claimed in Claim 8 wherein said encrypted mail related information and said authentication message are applied to a mail related document.
10. A system as claimed in Claim 8 or 9 wherein said authenticating service is a postal delivery service.
11. A system as claimed in any of claims 5 to 10 wherein said authenticating source includes:
means for generating a plurality of public key encryption/decryption key pairs; and means for storing said plurality of public key encryption/decryption key pairs.
12. A system as claimed in Claim 11 wherein said authenticating source further includes:
a data processing unit having a real time memory in communication therewith.
13. A system as claimed in any of claims 5 to 12 wherein said third party includes:
means for storing said first public key encryption key and said authentication message; and means for encrypting third party information using said first public key encryption key.
14. A system as claimed in Claim 13 wherein said third party further comprises:
means for inputting said third party information; and means for outputting said encrypted third party information.
22 -
15. A system as claimed in Claim 14 wherein said outputting means comprises: a printer adapted to print said encrypted third party information and said authentication message on a substrate.
16. - A system as claimed in any of claims 5 to 15 wherein said authenticating service includes: means for decrypting said authentication message; and means for displaying an output indicative of the authenticity of said third party document.
17. A method for authenticating third party documents using a public key c M tosystem; said method comprising the step of:
authenticating documents from a third party using means originating from a first party and provided to a second party, said documents having encrypted information associated therewith, said encrypted information being generated in accordance with encryption means originating from said first party.
18. Method as claimed in Claim 17 including the step of decrypting third party encrypted information using decrypting means accessible to said second party by use of said document authenticating means originating from said first party.
19. Method as claimed in Claim 17 or 18 wherein said document authenticating step includes: using a decryption key of a first first public key pair and said encryption means includes a decryption key of a second public key pair encrypted using the encryption key of said first public key pair.
20. Method as claimed in any of claims 17 to 19 further comprising the steps of: providing, from said first party to said third party, means for encrypting third party information; and decrypting said third party information, said decryption means being accessible to said second party via said document authenticating means originating from said first party.
21. A method for authenticating a document comprising: providing an authentication source, including means for providing a first public key encryption key to a third party; providing, at said source, an authentication message to said third party for application to said document, said authentication message being encrypted by a second public key encryption and including the decryption key for said first public key encryption key and further encrypted by said decryption key for said first public key encryption key; and providing, from said source, the decryption key corresponding to said second public key encryption key to an authenticating service such"that said authentication message may be decrypted.
22. Method as claimed in Claim 21 wherein said method further includes the step of providing a certification message that, when said message is decrypted. provides plain text verification that said authentication message originated from said authentication source.
23. Encryption apparatus comprising means for encrypting information according to an encryption key of a first encryption-decryption pair and for imprinting the encrypted information on a document together with an encrypted version of an authorising message.
24. Apparatus according to claim 23 wherein said authorising message has been encrypted according to the encryption key of a second encryptiondecryption pair to generate said version.
25. Apparatus according to claim 23 or 24 wherein said authorising message includes the decryption key of said first pair.
26. Apparatus according to any of claims 23 to 25 15 wherein means are provided for obtaining said encrypted version by decrypting stored data using said encryption key of the first encryption-decryption pair.
27. A method of encrypting including encrypting information according to an encryption key of a first encryption-decryption pair and imprinting the encrypted information on a document together with an encrypted version of an authorising message. 25
28. A method according to claim 27 in which said version is generated by encrypting said authorising message according to the encryption key of a second encryption-decryption pair. 30
29. A method according to claim 27 or 28 in which the decryption key of said first pair is included in said version.
30. A method according to any of claims 27 to 29 in which said encrypted version is obtained by decrypting data using said encryption key of the first encryption-decryption pair.
31. A method of authenticating a document having encrypted information imprinted thereon by the apparatus of any of c-laims-23-to 26 or the method of any of claims 27 to 30 in which said encrypted version is decrypted using the decryption key of the second encryption-decryption pair.
32. A method according to claim 31 in which following decryption of said encrypted version, a thus obtained decryptioh key of said first pair is employed to decrypt said information.
33. Apparatus for authenticating a document having encryped information imprinted thereon by the apparatus of any of claims 23 to 26 or the method of any of claims 27 to 30 comprising means for storing a decryption key for decrypting said encrypted version and means for decrypting said encrypted version using the stored decryption key.
34. Apparatus according to claim 33 further comprising means for decrypting said information on the basis of the decryption key of the first pair obtained by decrypting said version.
35. A key generator comprising: means for generating a first encryption-decryption pair; processing means for producing an encrypted version of an authorisation message according to the encryption key of a further encryption-decryption pair; and communication means for communicating the encryption key of said first pair and said encrypted version to a key user and for communicating the decryption key of said further pair to an authenticator.
36. A generator according to claim 35 wherein said processing means is operable to produce an encrypted version of an authenticating message using said encryption key of the further pair.
37. A public key encryption system substantially as hereinbefore described with reference to the accompanying drawings.
38. A system for authenticating a document substantially as hereinbefore described with reference to the accompanying drawings.
39. A method for authenticating a document substantially as hereinbefore described with reference to the accompanying drawings.
40. Encryption apparatus substantially as hereinbefore described with reference to the accompanying drawings.
41. A method of encrypting substantially as hereinbefore described with reference to the accompanying drawings.
42. Apparatus for authenticating a document substantially as hereinbefore described with reference to the accompanying drawings.
43. A key generator substantially as hereinbefore described with reference to the accompanying drawings.
Published 1989 atThe Patent 0Mce, State House, 66f71 High Holburn, London WC1R 4TP. Further copiesmaybe obtainedfromThe Patent0Mce. Sales Branch, St Mary Cray, Orpington, Kent BR5 3RD. Printed by Multiplex techniques ltd, St Mary Cray Kent, Con. 1187
GB8828988A 1987-12-18 1988-12-12 Document authentication system Expired - Fee Related GB2211644B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US07/136,251 US4853961A (en) 1987-12-18 1987-12-18 Reliable document authentication system
US07/140,051 US4893338A (en) 1987-12-31 1987-12-31 System for conveying information for the reliable authentification of a plurality of documents

Publications (3)

Publication Number Publication Date
GB8828988D0 GB8828988D0 (en) 1989-01-25
GB2211644A true GB2211644A (en) 1989-07-05
GB2211644B GB2211644B (en) 1992-06-03

Family

ID=26834160

Family Applications (2)

Application Number Title Priority Date Filing Date
GB8828987A Expired - Fee Related GB2211643B (en) 1987-12-18 1988-12-12 System and method for authentication of documents
GB8828988A Expired - Fee Related GB2211644B (en) 1987-12-18 1988-12-12 Document authentication system

Family Applications Before (1)

Application Number Title Priority Date Filing Date
GB8828987A Expired - Fee Related GB2211643B (en) 1987-12-18 1988-12-12 System and method for authentication of documents

Country Status (1)

Country Link
GB (2) GB2211643B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999057688A1 (en) * 1998-05-07 1999-11-11 Sc-Info+Inno Gmbh+Co. Method for proving the authenticity of documents
WO2000072501A1 (en) 1999-05-22 2000-11-30 Sc-Info+Inno Gmbh+Co. Electronic transmission and authentication of texts
US6308165B1 (en) 1997-02-28 2001-10-23 Neopost Limited Method of and apparatus for generating and authenticating postal indicia
DE19946004B4 (en) * 1999-09-03 2006-08-17 Sc-Info+Inno Gmbh + Co. Method for verifying the integrity and authorship of texts

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4888803A (en) * 1988-09-26 1989-12-19 Pitney Bowes Inc. Method and apparatus for verifying a value for a batch of items
FR2657985B1 (en) * 1990-02-05 1994-06-10 Bertin & Cie METHOD AND INSTALLATION FOR MONITORING THE POSTAL FOLDING POSTAGE.
DE19734507C2 (en) 1997-08-08 2000-04-27 Siemens Ag Method for checking the authenticity of a data carrier
CN108257319B (en) * 2018-02-12 2023-10-31 中国电力科学研究院有限公司 USBKEY safe storage cabinet with encryption and decryption functions and application method thereof

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0006498A1 (en) * 1978-06-16 1980-01-09 The Grey Lab. Establishment Method and apparatus for document authentification
GB2100190A (en) * 1981-06-05 1982-12-22 Grey Lab Establishment Protecting and checking documents
GB2140179A (en) * 1981-10-19 1984-11-21 American Express Co Protection system for intelligent cards
EP0132782A2 (en) * 1983-07-18 1985-02-13 Pitney Bowes Inc. System for printing encrypted messages with bar-code representation
GB2164181A (en) * 1984-08-30 1986-03-12 Casio Computer Co Ltd Ic card and an identification system thereof
EP0214609A2 (en) * 1985-09-04 1987-03-18 Hitachi, Ltd. Electronic transaction method and system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0006498A1 (en) * 1978-06-16 1980-01-09 The Grey Lab. Establishment Method and apparatus for document authentification
GB2100190A (en) * 1981-06-05 1982-12-22 Grey Lab Establishment Protecting and checking documents
GB2140179A (en) * 1981-10-19 1984-11-21 American Express Co Protection system for intelligent cards
EP0132782A2 (en) * 1983-07-18 1985-02-13 Pitney Bowes Inc. System for printing encrypted messages with bar-code representation
GB2164181A (en) * 1984-08-30 1986-03-12 Casio Computer Co Ltd Ic card and an identification system thereof
EP0214609A2 (en) * 1985-09-04 1987-03-18 Hitachi, Ltd. Electronic transaction method and system

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6308165B1 (en) 1997-02-28 2001-10-23 Neopost Limited Method of and apparatus for generating and authenticating postal indicia
US7809649B2 (en) 1997-02-28 2010-10-05 Neopost Technologies Security and authentication of postage indicia
WO1999057688A1 (en) * 1998-05-07 1999-11-11 Sc-Info+Inno Gmbh+Co. Method for proving the authenticity of documents
WO2000072501A1 (en) 1999-05-22 2000-11-30 Sc-Info+Inno Gmbh+Co. Electronic transmission and authentication of texts
DE19946004B4 (en) * 1999-09-03 2006-08-17 Sc-Info+Inno Gmbh + Co. Method for verifying the integrity and authorship of texts

Also Published As

Publication number Publication date
GB2211643A (en) 1989-07-05
GB8828987D0 (en) 1989-01-25
GB2211644B (en) 1992-06-03
GB8828988D0 (en) 1989-01-25
GB2211643B (en) 1992-04-29

Similar Documents

Publication Publication Date Title
US4853961A (en) Reliable document authentication system
US4893338A (en) System for conveying information for the reliable authentification of a plurality of documents
US4458109A (en) Method and apparatus providing registered mail features in an electronic communication system
CA2043533C (en) Electronic notary
US5426700A (en) Method and apparatus for verification of classes of documents
US4757537A (en) System for detecting unaccounted for printing in a value printing system
US5619571A (en) Method for securely storing electronic records
US6185546B1 (en) Apparatus and method for providing secured communications
EP0422757B1 (en) Public/key date-time notary facility
US20090274306A1 (en) Method for Key Administration for Cryptography Modules
US6073125A (en) Token key distribution system controlled acceptance mail payment and evidencing system
JP2009238254A (en) System and method for electronic transmission, storage and retrieval of authenticated document
US20080130876A1 (en) Method for Private-Key Encryption of Messages, and Application to an Installation
US5805701A (en) Enhanced encryption control system for a mail processing system having data center verification
JPH10135943A (en) Portable information storage medium, verification method and verification system
GB2211644A (en) Reliable document authentication system
ES2428402T3 (en) Procedure to provide postal shipments of postage marks
GB2293737A (en) Postage evidencing system with encrypted hash summary reports
JPH09114719A (en) Information recording business card and file transfer system using the card
JP3854674B2 (en) Cryptographic communication device
RU2323531C2 (en) Method for forming documents, which may be checked and which are protected from falsification, and money transfer center
EP0784256A1 (en) Method and apparatus for public-key cryptography using a secure semiconductor device
JP2003316912A (en) Electronic contents originality verification evidence forming system
JPS62245747A (en) Electronic stamping system
JPH09107352A (en) Data signature unit

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20061212