CA2158290A1 - Postage evidencing system with secure summary reports - Google Patents
Postage evidencing system with secure summary reportsInfo
- Publication number
- CA2158290A1 CA2158290A1 CA002158290A CA2158290A CA2158290A1 CA 2158290 A1 CA2158290 A1 CA 2158290A1 CA 002158290 A CA002158290 A CA 002158290A CA 2158290 A CA2158290 A CA 2158290A CA 2158290 A1 CA2158290 A1 CA 2158290A1
- Authority
- CA
- Canada
- Prior art keywords
- funding
- hash value
- activity
- record
- postage
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00459—Details relating to mailpieces in a franking system
- G07B17/00661—Sensing or measuring mailpieces
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00185—Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
- G07B17/00435—Details specific to central, non-customer apparatus, e.g. servers at post office or vendor
- G07B2017/00443—Verification of mailpieces, e.g. by checking databases
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00459—Details relating to mailpieces in a franking system
- G07B17/00508—Printing or attaching on mailpieces
- G07B2017/00572—Details of printed item
- G07B2017/00596—Printing of address
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00459—Details relating to mailpieces in a franking system
- G07B17/00661—Sensing or measuring mailpieces
- G07B2017/00709—Scanning mailpieces
- G07B2017/00725—Reading symbols, e.g. OCR
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00741—Cryptography or similar special procedures in a franking system using specific cryptographic algorithms or functions
- G07B2017/0075—Symmetric, secret-key algorithms, e.g. DES, RC2, RC4, IDEA, Skipjack, CAST, AES
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00741—Cryptography or similar special procedures in a franking system using specific cryptographic algorithms or functions
- G07B2017/00758—Asymmetric, public-key algorithms, e.g. RSA, Elgamal
- G07B2017/00766—Digital signature, e.g. DSA, DSS, ECDSA, ESIGN
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00741—Cryptography or similar special procedures in a franking system using specific cryptographic algorithms or functions
- G07B2017/00782—Hash function, e.g. MD5, MD2, SHA
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
Abstract
A method of verifying a summary activity report representing the total postage expended by a postage meter for a given activity period per preselected postal categories is accomplished by generating a hash value representative of the postal transactions of the postage meter. As a first step, each transaction is recorded in the memory unit of the postage meter. The funding activity records are then retrieved from said memory unit by recorded postal category for the selected activity period. A
hash value is then calculated for the retrieved records. The calculated hash value is encrypted and printed along with the retrieved record of funding activity. The printed report including the encrypted hash value is then inputted into a verification apparatus by either key entry or optical scanner. The verification apparatus then independently calculates a hash value based upon the inputted record of funding activity and generates an encrypted hash value representative of the inputted funding information.
A comparison is now between the now derived encrypted hash value to the encrypted hash value generated by said verification apparatus. If the report has not been altered that the encrypted hash values will be identical.
hash value is then calculated for the retrieved records. The calculated hash value is encrypted and printed along with the retrieved record of funding activity. The printed report including the encrypted hash value is then inputted into a verification apparatus by either key entry or optical scanner. The verification apparatus then independently calculates a hash value based upon the inputted record of funding activity and generates an encrypted hash value representative of the inputted funding information.
A comparison is now between the now derived encrypted hash value to the encrypted hash value generated by said verification apparatus. If the report has not been altered that the encrypted hash values will be identical.
Description
21~290 POSTAGE EVIDENCING SYSTEM WIT~I
SECURE SUMMARY REPORTS
Back~round of the Invention The present invention relates to postage evidencing devices and, more particularly, to postage meters having an accounting system and means for communicating account records.
Conventional postage meters utilize letter press techniques to print a postage payment indicia on an envelope as evidence of postage payment and a secure accounting system for recording postage dispensed. A number of security methods 0 have been devised over time to protect against fraudulent printing of postage indicia with respect to letter press type postage meters. For example, special inks are used, and the indicia plate and postage value print wheels are physically secured to prevent an unauthorized indicia impression from being taken. As noted, the conventional postage meter accounts for the postage printed by the postage meter and a number of methods have been devised to protect the postage accounting system within the meter, e.g., tamper proof housings.
Postage evidencing devices, such as the conventional postage meters, are now being developed utili7:ing digital printing techniques, such as thermal transfer printing.
Digital printing techniques employ bit map addressable printing which differs significantly from traditional letter press printing. The critical security provision for digitally printed indicia is by encrypted information such as digital tokens, for example, as described in detail in US Patent No. 5,448,641, entitled POSTAL RATING
SYSTEM WITH VERIFIABLE INTEGRITY, which describes a procedure for providing postal rate security. Encrypted information verification requires either a secret key or a public key encryption system. It has been concluded that a secret key system is more advantageous for the mailer-post communication. Any secret key cryptographic system assumes the presence of a secret key shared by the particular postage meter provided and the verification authority, usually the Postal Service.
A potential benefit of digital printing postage meter devices is the ability to utilize the digital printer for printing both the postage indicia and to use the same digital printer to print, on request, a summary report of metering activities during some pre-specified accounting period.
The summary report p.ere-~bly would contain a table of data including number of mailpieces in dirrerel-~ rate categories and associated postage, plus a total postage printed during the accounting period. The summary report can be printed preferably by the postage meter digital printer which is used to print the postage indicia or by any 21~829~
SECURE SUMMARY REPORTS
Back~round of the Invention The present invention relates to postage evidencing devices and, more particularly, to postage meters having an accounting system and means for communicating account records.
Conventional postage meters utilize letter press techniques to print a postage payment indicia on an envelope as evidence of postage payment and a secure accounting system for recording postage dispensed. A number of security methods 0 have been devised over time to protect against fraudulent printing of postage indicia with respect to letter press type postage meters. For example, special inks are used, and the indicia plate and postage value print wheels are physically secured to prevent an unauthorized indicia impression from being taken. As noted, the conventional postage meter accounts for the postage printed by the postage meter and a number of methods have been devised to protect the postage accounting system within the meter, e.g., tamper proof housings.
Postage evidencing devices, such as the conventional postage meters, are now being developed utili7:ing digital printing techniques, such as thermal transfer printing.
Digital printing techniques employ bit map addressable printing which differs significantly from traditional letter press printing. The critical security provision for digitally printed indicia is by encrypted information such as digital tokens, for example, as described in detail in US Patent No. 5,448,641, entitled POSTAL RATING
SYSTEM WITH VERIFIABLE INTEGRITY, which describes a procedure for providing postal rate security. Encrypted information verification requires either a secret key or a public key encryption system. It has been concluded that a secret key system is more advantageous for the mailer-post communication. Any secret key cryptographic system assumes the presence of a secret key shared by the particular postage meter provided and the verification authority, usually the Postal Service.
A potential benefit of digital printing postage meter devices is the ability to utilize the digital printer for printing both the postage indicia and to use the same digital printer to print, on request, a summary report of metering activities during some pre-specified accounting period.
The summary report p.ere-~bly would contain a table of data including number of mailpieces in dirrerel-~ rate categories and associated postage, plus a total postage printed during the accounting period. The summary report can be printed preferably by the postage meter digital printer which is used to print the postage indicia or by any 21~829~
other printer attached to a computer (PC) equipped with a standard serial interface, e.g., RS 242. In the latter case, the summary data is passed to the PC through the RS
242 interface of the postage meter.
The summary report can be audited by the Postal Service in order to compare s their records of mailing activities of the postage meter by serial number or other identifying number and mailer's records. The total postage spent is usually stored in a protected tamper resistant memory of the postage meter and it would be detectable if the mailer would try to alter this number. However, the other parts of the report can be easily altered without ch~nging the total postage spent. Because of the 0 characteristics of the postal rating structure, the total number of pieces as well as the number of pieces by class/weight can be fraudulently decreased in the report thus misleading auditing authority of the Postal Service to the benefit of the mailer.
Summarv of the Invention It is the objective of the present invention to prevent a method such that unauthorized alteration of the summary mail report is detect~ble by the postal ~u~iting authority using cryptography means.
The summary report data is subjected to a conventional cryptographic hash function. The value of the hash function represents a "fingel ~l inl" of the summary report. Thus, any attempt to alter any character in the summary report would result in a change in the value of the hash function. Once a hash value of the summary report file is computed, it can be encrypted with the same secret key which the postageevidencing device utilizes for encrypting information printed in the indicia (i.e., digital tokens). Then the encrypted value of the hash function is printed together with the summary report, in effect providing a digital signature that authenticates the summary report information. In this case, the summary report could have the appearance as represented in Table 1.
~lS8~
242 interface of the postage meter.
The summary report can be audited by the Postal Service in order to compare s their records of mailing activities of the postage meter by serial number or other identifying number and mailer's records. The total postage spent is usually stored in a protected tamper resistant memory of the postage meter and it would be detectable if the mailer would try to alter this number. However, the other parts of the report can be easily altered without ch~nging the total postage spent. Because of the 0 characteristics of the postal rating structure, the total number of pieces as well as the number of pieces by class/weight can be fraudulently decreased in the report thus misleading auditing authority of the Postal Service to the benefit of the mailer.
Summarv of the Invention It is the objective of the present invention to prevent a method such that unauthorized alteration of the summary mail report is detect~ble by the postal ~u~iting authority using cryptography means.
The summary report data is subjected to a conventional cryptographic hash function. The value of the hash function represents a "fingel ~l inl" of the summary report. Thus, any attempt to alter any character in the summary report would result in a change in the value of the hash function. Once a hash value of the summary report file is computed, it can be encrypted with the same secret key which the postageevidencing device utilizes for encrypting information printed in the indicia (i.e., digital tokens). Then the encrypted value of the hash function is printed together with the summary report, in effect providing a digital signature that authenticates the summary report information. In this case, the summary report could have the appearance as represented in Table 1.
~lS8~
Table 1 - Signed Summary Report Postage Evidencing Device ID: 12345678 Accounting Period: June 1, 1994 -- July 1,1994 Mail Category/Weight Number of Pieces Postage/Piece Postage Class 1-loz 10 $0.29 $2.9 Class 1-2OZ 7 $0.52 $3.64 Class 3-loz 20 $0.19 $3.80 Class 4-60OZ 5 $1.07 $5.35 Total 42 N/A $15.69 Digital Signature: 12309876552344567890998776654233445.
The relevant for summary report data should be stored in a protected tamper resistant memory. This data includes number of pieces in each category that wereimprinted by the postage evidencing device. Once this data is properly stored, the summary report is generated with this data and digitally signed which cannot be undetectable altered.
Brief Description of the Drawin~s Fig. 1 is a schematic of a micro control system for driving a thermal transfer digital printing postage meter and a computer base system in accordance with thepresent invention.
Fig. 2 is a flow chart illustrating an activity report generation process in accordance with the present invention.
Fig. 3 is a flow chart illustrating the ~ liting process for verifying the activity report generated in accordance with the present invention.
Detailed Description of the Preferred Embodiment Referring to Fig. 1, a postage meter 11 is comprised of a microcontroller 13 in bus 15 communication with memory units 17, address decoder 19, encryption and decryption module (DES) 21 and a printer controller/buffer unit 23, all of any suitable design. The printer controller/buffer unit 23 is in bus 25 communication with any 4 21~29~
suitable thermal print driver and suitable print head 27. It is intended that the postage meter be of any suitable design for employing digital printing techniques, such as, ink jet, laser or thermal transfer.
A postal audit unit 30 is comprised of a scanner/optical character reader 32 of any suitable conventional design to provide input to the postal audit system 30.Alternatively, a keyboard input unit (not shown) may be used. Preferably, the scanner 32 is in bus 34 communication with a processor unit 36 and encryption and decryption unit (DES) 38. The processor unit 36 and encryption and decryption unit (DES) 21, respe~;Lively, provide input to a comparator 40. The output from the comparator 40 is directed to a conventional display/alarm unit 42.
The postage meter is intended to print postage payment indicia 51 on an envelope 53 in any one of known methods. In a manner to be described in greater detail subsequently, the meter is programmed to m~int~in a record of the postingcharacteristics, such as, class, weight and amount of postage dispensed per mailpiece in the memory units in any suitable known manner.
The microcontroller 13 of the postage mete 11 is further programmed in any suitable conventional manner to generate account reports pursuant to the postingcharacteristics information stored in lllellloly and print the report 55 utili7:ing the meter print head 27. The report will also include a digital signature derived in a manner subsequently described. It should also be appreciated that alternatively by l1tili~ing a communication port of the postage meter (not shown), a conventional computer maybe interfaced to the postage meter in a conventional manner such that the report, along with the digital sign~tl-re, can be electronically transferred to the computer for printing under the control of the computer (not shown).
In the pr~re.. ed embodiment, the report 55 is printed under the control ofthe postage meter microcontroller 13 and transferred to the postal service postal audit unit 30. The il~rorll.a~ion from the report 55 may be keyed in from a keyboard (not shown) or, preferably, placed under a scanner 32 co~ ining an optical character reader (OCR). The scanner 32 then l-~nsrel~ the information derived from sc~nnin~ the report 55 to the processor 36 and DES unit 38 along a bus 34. The information processed in the processor 36 and the DES unit 38, in a manner subsequently described, and is col.~pal ed by a colllpal ~tor 40 with the information printed in the report. The output from the comparator 40 is directed to the display 42 which may include an alarm for actuation depending on the output of the co...pa.~or 40.
The microprocessor 13 is programmed to apply a hash function to the account information data to produce a hash value which is indicative of the content of the summary report and yet may be considerably reduced in data size. As used herein,hash function is a well known function which possesses at least two properties. It is computationally difficult to (i) recover a message corresponding to a given message 21~ 90 s digest and (ii) to find two dirrerenl mess~ges which produce the same hash value(message digest). Some well known hash functions are described in American National Standard X9.30 - 1993, Public Key Cryptography Using Irreversible Algo,ill"ns For The Financial Services Industry: Part 2: The Secure Hash Algorithm (SHA). It should be noted that there are other publicly available hash functions that can be implemented for the purpose of the present invention. As for example, oneformal definition is set forth in Contemporary Cryptology by G. Simmons, IEEE Press 1992 at page 345, and yet another definition is that a hash function is a function that satisfies the following properties:
1) it is capable of converting a file F of a,lil,~,y length into a fixed-length digest h (F);
2) h must be "one way", that is, given an albill~ly value y in the domain of h, it must be computationally infeasible to find file F such that h (F) = y;
and 3) h must be "collision free", that is, it must be computationally infeasible to construct two di~erenl files Fl and F2 such that h(Fl),=h(F2) If the data (the summary report data) being ll;1n~",;lled to the postal audit unit 42 is not private, it is not necessary to encrypt the information and prevent unauthorized decryption i.e., it is not important to protect secrecy ofthe information itself otherwise this h~llllalion can be suitably encrypted. Upon calculation of the hash value of the summary report data, the postage evidencing device encrypts the hash value, with its secret key and prints the encrypted message in the report. The postal audit unit 30 receives the encrypted hash value ("~ign~tllre") (e.g. by OCR
sc~nning), and decrypts it with a secret key shared with the postage evidencing device, thus obtaining the plain text hash value. The postage audit unit 30 then independently computes the hash value of the received summary report data using the same hash function as was used by the postage evidencing device. The hash algorithm employed may be one in the public domain, however, the algorithm resides both at the postage evidencing device 11 and at the postal audit unit 30. If the two hash values, namely the hash value computed in the postage evidencing device 11 and audit unit 30 match each other, the integrity ofthe summary report data 55 is assured. Alternatively, you can generate just the digital signature and compare. Whether the alternative is prerelled depends on whether the encryption/decryption is symmetrical or not.
Referring now to Fig. 2, the microcontroller 13 is programmed to generate summary report by entering a report routine. The report routine, at process block 60, retrieves from the protected memory for each postal rate used during the accounting period, the number of pieces imprinted with this postal rate. At process block 62, a summary report file is generated and the hash value is calculated of this file. At ~1~8230 process block 64, this hash value is passed to a secure encryption module 21 of the postage evidencing device micro control system. At process block 65, using secret encryption key of the postage evidencing device, the hash value of the summary report is encrypted and the encrypted hash value (digital signature) is pl epared for printing.
Finally, at logic block 67, the summary report with digital sign~tllre is printed.
~ltliting of the summary report can be done by es.sçnti~lly repeating the same steps, namely computing the hash value of the summary report as printed using the same hashing algorithm as was used to create the digital signature by the postage evidencing device. Then the hash value is encrypted with the same secret key which is o shared between the post office audit system and the postage meter. Finally, the resulting encrypted value is compared with the digital signature printed in the summary report. A mi~m~tch indicates alteration of the summary report. A match assures that the report has not been altered.
The a~ iting process is depicted in the following Fig. 3. At process block 70, information from the summary report including digital signature is entered by either sc~nning or keying the information into the audit unit 30. At process block 72, summary report file is generated and the hash value of that summary report is computed and passed to a secure processor 38 for encryption. At process block 74, the secret key matching the secret key of the postage meter is retrieved by using the postage meter ID and the encrypted hash value using retrieved secret key produces a verification digital ~ign~tllre. At decision process block 76, the digital si~n~t--re printed in the ~ulllmaly report and the verifying digital signatl1re are compared. If they match at process block 78, then the process terminates at process block 80. If they do not match at process block 78, then the auditor is alerted to investigate mailer at process block 82.
The relevant for summary report data should be stored in a protected tamper resistant memory. This data includes number of pieces in each category that wereimprinted by the postage evidencing device. Once this data is properly stored, the summary report is generated with this data and digitally signed which cannot be undetectable altered.
Brief Description of the Drawin~s Fig. 1 is a schematic of a micro control system for driving a thermal transfer digital printing postage meter and a computer base system in accordance with thepresent invention.
Fig. 2 is a flow chart illustrating an activity report generation process in accordance with the present invention.
Fig. 3 is a flow chart illustrating the ~ liting process for verifying the activity report generated in accordance with the present invention.
Detailed Description of the Preferred Embodiment Referring to Fig. 1, a postage meter 11 is comprised of a microcontroller 13 in bus 15 communication with memory units 17, address decoder 19, encryption and decryption module (DES) 21 and a printer controller/buffer unit 23, all of any suitable design. The printer controller/buffer unit 23 is in bus 25 communication with any 4 21~29~
suitable thermal print driver and suitable print head 27. It is intended that the postage meter be of any suitable design for employing digital printing techniques, such as, ink jet, laser or thermal transfer.
A postal audit unit 30 is comprised of a scanner/optical character reader 32 of any suitable conventional design to provide input to the postal audit system 30.Alternatively, a keyboard input unit (not shown) may be used. Preferably, the scanner 32 is in bus 34 communication with a processor unit 36 and encryption and decryption unit (DES) 38. The processor unit 36 and encryption and decryption unit (DES) 21, respe~;Lively, provide input to a comparator 40. The output from the comparator 40 is directed to a conventional display/alarm unit 42.
The postage meter is intended to print postage payment indicia 51 on an envelope 53 in any one of known methods. In a manner to be described in greater detail subsequently, the meter is programmed to m~int~in a record of the postingcharacteristics, such as, class, weight and amount of postage dispensed per mailpiece in the memory units in any suitable known manner.
The microcontroller 13 of the postage mete 11 is further programmed in any suitable conventional manner to generate account reports pursuant to the postingcharacteristics information stored in lllellloly and print the report 55 utili7:ing the meter print head 27. The report will also include a digital signature derived in a manner subsequently described. It should also be appreciated that alternatively by l1tili~ing a communication port of the postage meter (not shown), a conventional computer maybe interfaced to the postage meter in a conventional manner such that the report, along with the digital sign~tl-re, can be electronically transferred to the computer for printing under the control of the computer (not shown).
In the pr~re.. ed embodiment, the report 55 is printed under the control ofthe postage meter microcontroller 13 and transferred to the postal service postal audit unit 30. The il~rorll.a~ion from the report 55 may be keyed in from a keyboard (not shown) or, preferably, placed under a scanner 32 co~ ining an optical character reader (OCR). The scanner 32 then l-~nsrel~ the information derived from sc~nnin~ the report 55 to the processor 36 and DES unit 38 along a bus 34. The information processed in the processor 36 and the DES unit 38, in a manner subsequently described, and is col.~pal ed by a colllpal ~tor 40 with the information printed in the report. The output from the comparator 40 is directed to the display 42 which may include an alarm for actuation depending on the output of the co...pa.~or 40.
The microprocessor 13 is programmed to apply a hash function to the account information data to produce a hash value which is indicative of the content of the summary report and yet may be considerably reduced in data size. As used herein,hash function is a well known function which possesses at least two properties. It is computationally difficult to (i) recover a message corresponding to a given message 21~ 90 s digest and (ii) to find two dirrerenl mess~ges which produce the same hash value(message digest). Some well known hash functions are described in American National Standard X9.30 - 1993, Public Key Cryptography Using Irreversible Algo,ill"ns For The Financial Services Industry: Part 2: The Secure Hash Algorithm (SHA). It should be noted that there are other publicly available hash functions that can be implemented for the purpose of the present invention. As for example, oneformal definition is set forth in Contemporary Cryptology by G. Simmons, IEEE Press 1992 at page 345, and yet another definition is that a hash function is a function that satisfies the following properties:
1) it is capable of converting a file F of a,lil,~,y length into a fixed-length digest h (F);
2) h must be "one way", that is, given an albill~ly value y in the domain of h, it must be computationally infeasible to find file F such that h (F) = y;
and 3) h must be "collision free", that is, it must be computationally infeasible to construct two di~erenl files Fl and F2 such that h(Fl),=h(F2) If the data (the summary report data) being ll;1n~",;lled to the postal audit unit 42 is not private, it is not necessary to encrypt the information and prevent unauthorized decryption i.e., it is not important to protect secrecy ofthe information itself otherwise this h~llllalion can be suitably encrypted. Upon calculation of the hash value of the summary report data, the postage evidencing device encrypts the hash value, with its secret key and prints the encrypted message in the report. The postal audit unit 30 receives the encrypted hash value ("~ign~tllre") (e.g. by OCR
sc~nning), and decrypts it with a secret key shared with the postage evidencing device, thus obtaining the plain text hash value. The postage audit unit 30 then independently computes the hash value of the received summary report data using the same hash function as was used by the postage evidencing device. The hash algorithm employed may be one in the public domain, however, the algorithm resides both at the postage evidencing device 11 and at the postal audit unit 30. If the two hash values, namely the hash value computed in the postage evidencing device 11 and audit unit 30 match each other, the integrity ofthe summary report data 55 is assured. Alternatively, you can generate just the digital signature and compare. Whether the alternative is prerelled depends on whether the encryption/decryption is symmetrical or not.
Referring now to Fig. 2, the microcontroller 13 is programmed to generate summary report by entering a report routine. The report routine, at process block 60, retrieves from the protected memory for each postal rate used during the accounting period, the number of pieces imprinted with this postal rate. At process block 62, a summary report file is generated and the hash value is calculated of this file. At ~1~8230 process block 64, this hash value is passed to a secure encryption module 21 of the postage evidencing device micro control system. At process block 65, using secret encryption key of the postage evidencing device, the hash value of the summary report is encrypted and the encrypted hash value (digital signature) is pl epared for printing.
Finally, at logic block 67, the summary report with digital sign~tllre is printed.
~ltliting of the summary report can be done by es.sçnti~lly repeating the same steps, namely computing the hash value of the summary report as printed using the same hashing algorithm as was used to create the digital signature by the postage evidencing device. Then the hash value is encrypted with the same secret key which is o shared between the post office audit system and the postage meter. Finally, the resulting encrypted value is compared with the digital signature printed in the summary report. A mi~m~tch indicates alteration of the summary report. A match assures that the report has not been altered.
The a~ iting process is depicted in the following Fig. 3. At process block 70, information from the summary report including digital signature is entered by either sc~nning or keying the information into the audit unit 30. At process block 72, summary report file is generated and the hash value of that summary report is computed and passed to a secure processor 38 for encryption. At process block 74, the secret key matching the secret key of the postage meter is retrieved by using the postage meter ID and the encrypted hash value using retrieved secret key produces a verification digital ~ign~tllre. At decision process block 76, the digital si~n~t--re printed in the ~ulllmaly report and the verifying digital signatl1re are compared. If they match at process block 78, then the process terminates at process block 80. If they do not match at process block 78, then the auditor is alerted to investigate mailer at process block 82.
Claims (7)
1. A method of verifying an activity report representing the funding activity of a funding apparatus for a given activity period by a verification apparatus, said funding apparatus having a microcomputer system programmed to track and record funding activity of the funding apparatus by funding category in a memory unit comprising the steps of:
retrieving from said memory unit said record of funding activity of said fundingapparatus for said activity period;
calculating a hash value for said retrieved record of funding activity;
encrypting said calculated hash value;
printing said retrieved record of funding activity and said encrypted hash value;
inputting said printed record of funding activity into said verification apparatus, said verification apparatus having means for calculating a hash value based upon said inputted record of funding activity and generate an encrypted hash value from said calculated hash value;
compare said printed encrypted hash value to said encrypted hash value generated by said verification apparatus.
retrieving from said memory unit said record of funding activity of said fundingapparatus for said activity period;
calculating a hash value for said retrieved record of funding activity;
encrypting said calculated hash value;
printing said retrieved record of funding activity and said encrypted hash value;
inputting said printed record of funding activity into said verification apparatus, said verification apparatus having means for calculating a hash value based upon said inputted record of funding activity and generate an encrypted hash value from said calculated hash value;
compare said printed encrypted hash value to said encrypted hash value generated by said verification apparatus.
2. A method as claimed in claim 1 wherein said encryption steps incorporate a encryption key unique to said particular funding apparatus.
3. A method as claimed in claim 2 wherein said funding apparatus is a postage meter.
4. A method of verifying a summary activity report representing the total postage expended by a postage meter funding apparatus for a given activity period for a given postal category by a verification apparatus, said postage meter funding apparatus having a microcomputer system programmed to track and record funding activity ofthe funding apparatus by postal category in a memory unit comprising the steps of:
retrieving from said memory unit said record of funding activity by postal category of said postage meter funding apparatus for said activity period;
calculating a hash value for said retrieved record of funding activity;
encrypting said calculated hash value;
printing said retrieved record of funding activity and said encrypted hash value;
inputting said printed record of funding activity into said verification apparatus, said verification apparatus having means for calculating a hash value based upon said inputted record of funding activity and generate an encrypted hash value from said calculated hash value;
compare said printed encrypted hash value to said encrypted hash value generated by said verification apparatus.
retrieving from said memory unit said record of funding activity by postal category of said postage meter funding apparatus for said activity period;
calculating a hash value for said retrieved record of funding activity;
encrypting said calculated hash value;
printing said retrieved record of funding activity and said encrypted hash value;
inputting said printed record of funding activity into said verification apparatus, said verification apparatus having means for calculating a hash value based upon said inputted record of funding activity and generate an encrypted hash value from said calculated hash value;
compare said printed encrypted hash value to said encrypted hash value generated by said verification apparatus.
5. A method as claimed in claim 4 wherein said encryption steps incorporate a encryption key unique to said particular postage meter funding apparatus.
6. A method of verifying a summary activity report representing the total postage expended by a postage meter funding apparatus for a given activity period for a given postal category by a verification apparatus, said postage meter funding apparatus having a microcomputer system programmed to track and record funding activity ofthe funding apparatus by postal category in a memory unit comprising the steps of:
retrieving from said memory unit said record of funding activity by postal category of said postage meter funding apparatus for said activity period;
calculating a hash value for said retrieved record of funding activity;
encrypting said calculated hash value;
printing said retrieved record of funding activity and said encrypted hash value;
inputting said printed record of funding activity and said encrypted hash value into said verification apparatus, said verification apparatus having means for calculating a hash value based upon said inputted record of funding activity anddecrypting said encrypted hash value;
compare said decrypted hash value to said calculated encrypted hash value generated by said verification apparatus.
retrieving from said memory unit said record of funding activity by postal category of said postage meter funding apparatus for said activity period;
calculating a hash value for said retrieved record of funding activity;
encrypting said calculated hash value;
printing said retrieved record of funding activity and said encrypted hash value;
inputting said printed record of funding activity and said encrypted hash value into said verification apparatus, said verification apparatus having means for calculating a hash value based upon said inputted record of funding activity anddecrypting said encrypted hash value;
compare said decrypted hash value to said calculated encrypted hash value generated by said verification apparatus.
7. A method as claimed in claim 6 wherein said encryption steps incorporate a encryption key unique to said particular postage meter funding apparatus.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US32630994A | 1994-09-29 | 1994-09-29 | |
| US08/326,309 | 1994-09-29 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA2158290A1 true CA2158290A1 (en) | 1996-03-30 |
Family
ID=23271687
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002158290A Abandoned CA2158290A1 (en) | 1994-09-29 | 1995-09-14 | Postage evidencing system with secure summary reports |
Country Status (2)
| Country | Link |
|---|---|
| CA (1) | CA2158290A1 (en) |
| GB (1) | GB2293737A (en) |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5778066A (en) * | 1995-11-22 | 1998-07-07 | F.M.E. Corporation | Method and apparatus for authentication of postage accounting reports |
| US7212632B2 (en) | 1998-02-13 | 2007-05-01 | Tecsec, Inc. | Cryptographic key split combiner |
| US6694433B1 (en) * | 1997-05-08 | 2004-02-17 | Tecsec, Inc. | XML encryption scheme |
| GB2329096A (en) * | 1997-08-29 | 1999-03-10 | Ncipher Limited | Creating sub-keys from hashed cryptographic master key |
| DE19748954A1 (en) * | 1997-10-29 | 1999-05-06 | Francotyp Postalia Gmbh | Producing security markings in franking machine |
| US8077870B2 (en) | 1998-02-13 | 2011-12-13 | Tecsec, Inc. | Cryptographic key split binder for use with tagged data elements |
| DE10136608B4 (en) * | 2001-07-16 | 2005-12-08 | Francotyp-Postalia Ag & Co. Kg | Method and system for real-time recording with security module |
| US20050015344A1 (en) * | 2003-06-26 | 2005-01-20 | Pitney Bowes Incorporated | Method and system for detection of tampering and verifying authenticity of a 'data capture' data from a value dispensing system |
| US8938400B2 (en) | 2006-12-20 | 2015-01-20 | International Business Machines Corporation | Apparatus, system, and method for checking the health of encryption key managers |
| DE102008018001A1 (en) * | 2008-04-09 | 2009-10-22 | Siemens Aktiengesellschaft | Method and device for transmitting messages in real time |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CA1235224A (en) * | 1983-08-19 | 1988-04-12 | Eiji Okamoto | Device for calculating a charge for a charged information signal with errors avoided in a report of the charge |
| US5005200A (en) * | 1988-02-12 | 1991-04-02 | Fischer Addison M | Public key/signature cryptosystem with enhanced digital signature certification |
| DE4003386C1 (en) * | 1990-02-05 | 1991-05-23 | Siemens Ag, 1000 Berlin Und 8000 Muenchen, De | |
| US5073935A (en) * | 1990-12-17 | 1991-12-17 | Jose Pastor | Method for secure communication |
| US5448641A (en) * | 1993-10-08 | 1995-09-05 | Pitney Bowes Inc. | Postal rating system with verifiable integrity |
-
1995
- 1995-09-14 CA CA002158290A patent/CA2158290A1/en not_active Abandoned
- 1995-09-20 GB GB9519230A patent/GB2293737A/en not_active Withdrawn
Also Published As
| Publication number | Publication date |
|---|---|
| GB2293737A (en) | 1996-04-03 |
| GB9519230D0 (en) | 1995-11-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA1259704A (en) | System for detecting unaccounted for printing in a value printing system | |
| CA1301336C (en) | Postage payment system employing encryption techniques and accounting for postage payment at a time subsequent to the printing of postage | |
| CA1331640C (en) | Document authentication system | |
| EP0600646B2 (en) | Method and apparatus for producing and authenticating a secure document | |
| US8255694B2 (en) | System and method using information based indicia for securing and authenticating transactions | |
| US4893338A (en) | System for conveying information for the reliable authentification of a plurality of documents | |
| US4725718A (en) | Postage and mailing information applying system | |
| EP0647925B1 (en) | Postal rating system with verifiable integrity | |
| US6073125A (en) | Token key distribution system controlled acceptance mail payment and evidencing system | |
| CA2391690C (en) | Method for authenticating mailpieces | |
| EP0154972A2 (en) | Method and apparatus for verifying postage | |
| AU771315B2 (en) | System and method for linking an indicium with a mailpiece in a closed system postage meter | |
| JPS6315387A (en) | Postage paying apparatus and accounting of postage | |
| GB2225287A (en) | Verification of items as components of a batch. | |
| CA2158290A1 (en) | Postage evidencing system with secure summary reports | |
| AU2002226272B2 (en) | Method for providing letters and parcels with postal remarks | |
| US8255334B2 (en) | Method for providing postal items with postal prepayment impressions | |
| GB2211643A (en) | Authentication of a plurality of documents | |
| US20080109359A1 (en) | Value Transfer Center System | |
| Tygar et al. | Cryptographic postage indicia | |
| Tygar | Designing Cryptographic Postage Indicia |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| FZDE | Dead |