CA2642142A1 - Secure system for conducting electronic transactions and method for use thereof - Google Patents

Abstract

A system is described for conducting transactions with electronic verification of the status of the requesting party by the providing party. A host microprocessor with an associated memory contains a limited-use transaction identification number and user personal identification information corresponding to the limited-use transaction identification number. The limited-use transaction identification number includes a randomly generated number and a time generation stamp. A communication device for communicates with the host computer to activate the limited-use transaction identification number. A transaction is consummated by providing a transaction identification number comprising a random portion and a time stamp portion indicating the time of activating the transaction identification number for use by the requesting user, presenting the transaction identification number by the requesting user to a provider to obtain a product or service, transmitting the transaction identification number by the provider to a host microprocessor for verification of the user and of the status of the transaction identification number, receiving from the host microprocessor personal identification information for verification of the user, obtaining information from the user to compare with the personal identification information obtained from the host microprocessor, and confirming to the host microprocessor that the user has been verified.

Description

SECURE SYSTEM FOR CONDUCTING ELECTRONIC TRANSACTIONS
AND METHOD FOR USE THEREOF
PRIOR APPLICATIONS

This is a continuation-in-part of U.S. Patent Application Ser. No. 09/648,905 entitled "Secure Systein for Conducting Electronic Transactions and Method for Use Thereoi" filed Aug. 25, 2000.
This patent application is also based on and claims priority from U.S.
Provisional Patent Application Ser. No. 60/651,912 entitled "Secure System for Conducting Digital Signatures and Method for Use Thereof' filed Feb. 10, 2005 which is hereby incorporated in its entirety by reference.

FIELD OF INVENTION

The present invention is related to a system and associated method for conducting an electronic transaction, e.g., a bank card service involving the electronic distribution of credit and debit card numbers "on demand." More particularly, the invention relates to a system and method in which transaction identification numbers are electronically created, assigned and issued on demand at the request of consumers, e.g., credit or debit cardholders, and/or at regular frequency as determined by number issuers, e.g., card issuers, or their agents. The transaction identification numbers can be electronically transferred across wired and wireless telecommunications links for use in various transactions including but not limited to electronic payment transactions.

BACKGROUND OF THE INVENTION

In the case of postage stamps, proposals and practices exist today for including unique identifiers in the form of machine-readable codes similar to PC
postage. Common to these proposals and practices is the use of a unique identifier to facilitate conventional postage payment methods. The assigned postage is typically a static value based upon a limited-use of goods or services.

This is an inferior process and practice that sustains an environment of inconvenience when it comes to the processing of deliverable items (e.g.
cards, letters, packages, bundles, shipping containers, etc.) From the perspective of senders, one example of inconvenience occurs when a sender fails to use enough postage. This can result in the deliverable item being "short paid" and removed from the mail stream for return to the sender.
From the perspective of government postal service providers, the inconvenience can also prove expensive. Because pre-printed postage stamps (e.g. stamps sold from a vending machine) are assigned a static value, senders are often left with having to use multiples of stamps to cover the costs for mailing a single deliverable item.
This leaves postal services having to face unnecessarily high costs for printing and distributing postage stamps for public use.
The problem of unnecessary cost for printing and distributing preprinted postage stamps can be further heiglitened due to the demand for short-run specialty stamps that may be used by non-profit organizations and other groups to raise money for special causes.
Accordingly, it is desirable to provide a system and associated method for conducting electronic transactions e.g., a postal service involving the electronic distribution of deliverable item identifiers "on demand." More particularly, the invention relates to a system and method in which transaction identification numbers are electronically created, assigned and issued on demand at the request of inerchants, e.g., senders of deliverable items (e.g. cards, letters, email, packages, bundles, data packets, shipping containers, etc.), and/or at regular frequency as determined by number issuers, e.g., card issuers, or their agents. The transaction identification numbers can be electronically transferred across wired and wireless telecommunications links for use in various transactions including but not limited to electronic payment transactions.
For the purpose of this application, terms such as "credit card" and "debit card", "cardholder", "card issuer" and "card service" are used as a matter of convenience for clarity of describing examples. However, it is likely that these terms will lose relevance over time and, in fact, the present invention helps bring that about in light of the advancements it offers for electronic transactions involving credit and debit card numbers and numerous other varieties of transactions such as, e.g., electronic check numbers processed through an automated clearinghouse, telephone numbers processed through a central switch, Internet protocol addresses and Uniform Resource Identifiers transferred across a computer network, digital certificates and signatures, and the like.

SUMMARY OF THE INVENTION

The present invention provides a new and improved system and methodology of conducting transactions with electroiuc verification of the status of the requesting pariy (e.g., customer) by the providing party (e.g., merchant) and authorization for the transaction payment, if required. For example, in a bank card service in which credit and debit card numbers can be issued electroiucally and transferred across wired and wireless telecommunications links, newly assigned credit and debit card numbers can be regularly issued for use in electronic payment transactions at the request of cardholders and/or at regular frequency as deternvned by card issuers or their agents. Such numbers are electronically posted in conjunction with personally identifiable information such as, e.g., the mailing address of cardholder who has been assigned the nuinber, or with non-personally identifiable information, e.g., demographic or fmancial profile information of the cardholder who has been assigned the number, or a digital certificate or signature, or even a random or selected alphanumeric string known to the cardholder, as a means for merchants or their agents to quickly verify such information presented at the point of sale (or by telecommunications, or the like) to identify the presenter as the autliorized user of the number and, if required, confirm authorization for payment in the transaction.
In accord witli the present invention, a system for conducting transactions with electronic verification of the status of the requesting party by the providing party comprises a host microprocessor with an associated memory and a communication device for communicating with the host computer, wherein the memory contains a limited use transaction identification number linked with personal identification uiformation (e.g., personally identifiable information (i.e., personal information) and/or non-personally identifiable information) of the number holder (e.g., cardholder) who has been assigned the number, wherein the limited use transaction identification number comprises a randomly generated number and a time generation or activation stamp. The transaction identification number can be used for a wide variety of purposes such as, for example, authorizing payment for purchases of goods or services in a transaction, for authorizing access to information, or for authorizing transfer of information, etc.

In accord with the present invention, a method for electronically providing a transaction identification number to a requestor comprises forming a teleconamunications connection between the requestor at a first location and a host microprocessor of the number issuer (e.g., card issuer or card issuer agent) at a second location, said host microprocessor being connected to a data storage system with memory, providing personal identification information by the requestor to the host microprocessor, issuing a transaction identification number and assigiiing it to the requestor, storing the transaction identification number in conjunction with the personal identification iuiformation in the memory and transferring the transaction identification number to the requestor by the telecommunications connection.
In a preferred embodiment of the invention, a trailsaction identification number is issued to a user by the following steps: opening a communication linlc between the user and a host microprocessor having an associated memory storage device;
verifying the identity of the user by a predetermined protocol'; requesting a transaction identification number to be~ generated for limited use by the user in accord with a specified liniitation;
providing the transaction identification by the host microprocessor from a pool of available numbers, the transaction identification number comprising a random portion and a time stamp portion uidicating the time of activating the transaction identification number for use by the requesting user; transmitting the transaction identification number to the user;
storing the transaction identification number in the associated memory with a link to associated personal identification information of the authorized user aild to the specified limitations; and notifying the transaction processing network (e.g., bank network) of the activated transaction identification number. Further, when the specified limitation has been satisfied, the transaction identification number is deactivated and the random portion of the number is returned to the pool of available numbers for subsequent selection and association with subsequent user. When the random portion is subsequently used, the transaction identification number will be different due to the time stamp portion and the personal identification information associated therewith will be different.
Thus, fraudulent use of a transaction identification number is highly unlikely. Typically, the time stamp portion will provide the date and also can provide other desired indicia of the time of activation of the transaction identification number. ' Further, in accord with the present invention, a transaction is consummated using a trailsaction identification number comprising a random portion and a time stamp portion indicating the time of generating or activating the transaction identification number for use by the requesting user by the following steps: presenting the transaction identification number by the requesting user to a provider to obtain a product or service;
transmitting the transaction identification number by the provider to a host microprocessor for verification of the user and of the status of the transaction identification number; receiving fi-om the host microprocessor personal identification information for verification of the user; obtaining information from the user to compare with the personal identification inforniation obtained from the host inicroprocessor; confirming to the host microprocessor that the user has been verified; and receiving authorization from the host microprocessor, if required, for payment for the transaction. Where the transaction identification nuinber is used only to confirrn identification of the user and no payment is required, e.g., where access to information is sought for a club member, the final step can be omitted. Also, the personal identification information can be transmitted to the host microprocessor as part of the transaction for coinparison with user information stored in inemory and the host computer transmit a confirmation signal verifying the user.
To aclueve the objective of averting unauthorized use, the invention takes full advantage of the inlierent randomness of a pool of numbers. It creates the means for these numbers to be regularly assigned and issued for use for a limited period of time or limited circumstances and to be re-circulated among user populations with the assurance that any one number is assigned to only one user at any given point in time.
In preferred embodiments of the invention, users and number issuers (e.g., cardholders and card issuers) or their agents can exercise regular systematic control over the "life span" of individually assigned numbers (e.g., credit and debit card numbers). The range of this control can vary such that assigned numbers are limited in use to only a certain total number of authorized traiisactions, to only a specified period of time, to a series of transactions only in conjunction with specific merchant or other specific providers of goods and services, to "one-time-use" whereby newly-issued numbers are good for a only a suigle transaction, and the like, etc.
Whatever the specified limitation, once the life span of an individually assigned transaction identification nuinber comes to an end, a change in activity status is iinmediately made by the host microprocessor. The random portion of the number is removed from circulation and earmarked for return to the available number pool and eventual re-assignment. The length of time before a number is actually returned to the pool can depend on specific legal requirements or specific guidelines adhered to by the number issuer (e.g., card issuer) or its agent. However, no transaction identification number can be ever duplicated in accord with preferred einbodiments of tlus invention.
According to a preferred embodiment of the invention, number issuers (e.g., card issuers) or their agents will be able to electronically post newly activated transaction identification numbers (e.g., credit or debit card numbers) to a secure web server and or other host server in conjunction with personal identification information, (e.g., personal information of the user such as the mailing address) of users (e.g., cardholders), to whom the numbers have been assigiied. This offers further protection against unauthorized use of any transaction identification number by enabling merchants and other providers of goods and services or their agents to quickly verify, either over the Internet or by telephone, the personal identification information presented in conjunction with the transaction identification number at the point of sale should that information not otherwise be readily available.
Thus, the present invention provides a process for issuing credit and debit card numbers by electronically transferring them across wired and wireless telecommunications networks. This makes it possible to execute real-time delivery of the newly assigned numbers for use by cardholders in electronic transactions.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates components of a system in accord with one embodiment of the present invention for the electronic distribution of credit and debit card numbers "on demand."
FIG. 2 illustrates an inherent randomness of typical 16-digit credit and debit card numbers.
FIG. 3 illustrates more detailed components of a system in accord with an embodiment of the present invention for the electronic transfer of newly assigned credit or debit card numbers across wired and/or wireless telecommunications links.

FIG. 4 illustrates the process by which the method of the present invention takes full advantage of the inherent randoinness of typical 16-digit credit and debit card numbers.

FIG. 5 illustrates that part of a systein in accord with one embodiment of the present invention involved with electronically posting newly assigiled credit and debit card numbers in conjunction with the mailing addresses of cardholders, to whom the numbers have been assigned, as a means for merchants or their agents to quicldy verify addresses presented at the point of sale.

FIG. 6 illustrates one embodiment of a deliverable item enabled with a maclune-readable code as part of an appended stamp.

FIG. 7 illustrates one embodiment of a deliverable item enabled witli a macliine-readable code in the form of a printed code.

FIG. 8 illustrates one embodiment of an originating deliverable item processuig apparatus with features including a stolen stamps table.

FIG. 9 illustrates one embodiment of an originating deliverable item processing apparatus with features including a log file.

FIG. 10 illustrates one embodiment of a destination deliverable item processing apparatus.
FIG. 11 illustrates one embodiment of an eYample record in a national circulation database.
FIG. 12 illustrates imaging a deliverable item and processing it based on a pre-authorization request to the host computer.

FIG. 13 illustrates getting the user information and comparing it with the information stored in the host computer.

FIG. 14 illustrates how the transaction identification number is applied to a deliverable item.

FIG. 15 illustrates the various steps involved in issuing of the transaction identification number.

DETAILED DESCRIPTION OF THE INVENTION

FIG. 1 provides an overview of one embodiment of a system for the electronic distribution of credit and debit card numbers "on demand" in accord with a preferred method of electronically transferring newly assigned credit and debit card numbers from the card issuer or its agent to cardholders. In addition, it portrays those components of the conventional bank card network infrastructure involved with processing the numbers for the purpose of obtaining authorizations and coinpleting electronic payment transactions.
At the center of the system is a host computer 1 of the card issuer or its agent.
The host computer includes a inicroprocessor and memory that are used for generating new credit and debit card numbers, updatuig the bank network regarding card nurnber activation and status changes, managing assigned and previously assigned card numbers, maintaining cardholder accounts, granting authorizations and executing all other functions associated with card-based electronic payment transactions. The functions of the host computer can be divided among several computers or servers. An interactive voice response unit 2 (IVR) or other computerized device is provided for interactions with cardholders accessing the host computer primarily'by way of a telephone or other audio transceiver 6. A server 3 is provided for interactions with cardholders using a computerized device for communication and accessing the host computer either directly by modem connection or by Internet connections 5. A wired and/or wireless telecommunications network 4 is used for communications.
Typically, the system includes additional computerized devices 7, including personal or network computers, digital phones or other remote devices, used for direct dial-up or Internet connections by the merchant or service provider. A smart card 8 can be used for portable storage of credit aiid debit card numbers in advance of electronic payment transactions conducted at the point of sale or over the Inteniet. A
point of sale terminal 9 can be used in conjunction with card based electronic payment transactions initiated at the merchant site. Additional IVRs or other computerized devices 10 can be used in conjunction with electronic payment transactions initiated by cardholders accessing primarily by way of telephone transceiver. Further, additional servers 11 can be used in conjunction with electronic payment transactions initiated by cardholders accessing either by way of direct dial-up or Internet connections. A conventional bank network 12 is used for processing payment authorization for card based electronic payment transactions.
In accord witli the invention, cardholders access the system by either a telephone transceiver 6 or a coinputerized device 7. In the case of access by way of telephone traiisceiver 6, the cardholder dials into IVR 2 over a wired and/or wireless telecommunications network 4. Upon connection, the cardholder undergoes the process of authorized user identification or authentication in accord with the application and standards prescribed by the card issuer or card issuer agent. In its simplest forni, authorized user identification can involve keyulg ui a password or personal identification number (PIN). More advanced forms of identification can involve voice print technology or digital confirination provided that the call emanates from an enhanced phone network connection permitting such identification.
Following authentication of the authorized user, the IVR 2 retrieves the cardholder information file that is stored witlun the card issuer or agent host computer 1. Retrieval involves transferring the file a server operating in conjunction with IVR 2 and host 1. This provides an acceptable level of security by restricting cardliolder access to outside the firewall.
Once the cardholder file has been retrieved, the cardholder can initiate a new credit or debit card number request. The request is processed back through the server to host 1.
Upon receiving the request, host 1 exercises a status change to the number previously assigned to the cardholder effectively deactivating the number and removing that number from circulation. An enhanced feature application of the methods of this invention can provide for cardholders to be simultaneously assigned more than one active credit or debit card number and allow individual numbers to retain active status until their specified limitations have been met. Such specified limitations can include, for example, a single authorization per the operational regulations of specific card programs, card issuers and their agents. In such case, the fulfillment of a request for a new credit or debit card number would not necessarily demand that a change ui status occur for a previously assigned number.
In this rnore simplified embodiment, coinciding with or after exercising the change of status for the previous cardholder number, host computer 1 raildoznly generates and assigns a new number from all the possible coinbinations available in the credit and debit number pool and issues that number to the cardholder. At this time, host computer 1 also notifies bank network 12 of the activation of the new number and the change of status to the previous number.
The issuance of the newly assigned credit or debit card number involves having the number transferred baclc to the server then on to IVR 2. Then, the newly assigned number is electronically transferred across the wired and/or wireless telecommunications network 4 as IVR 2 relays the new number in the form of audio waves to the cardholder through telephone transceiver 6.
Upon receiving the number, the cardholder can make a record of the newly assigned number and use the number in an upcoming electronic payment transaction.
Althougli the cardholder can use the transaction identification or credit card number at a merchant site siniply by having it keyed in to point of sale terminal 9, the cardholder also can use the number as part of a mail order/telephone order (MOTO) transaction.
For such transaction, a direct person-to-person connection over the telephone or a voice connection in conjunction with IVR 10 can be used where the number is keyed into or spoken aloud for interpretation by a virtual assistant employing voice recognition technology.
Whichever the case, once the number is conveyed to a merchant, it is handled in the same manner as a transaction involving conventional credit and debit card numbers.
A difference between the niethod of the present invention and conventional credit card numbers can be fowid in the handling of aiiy subsequent attempts by the merchant to obtain additional payment authorizations through use of the number. Whether a particular number can be used for additional payment authorizations depends upon the operational liinitations specified by the cardholder when obtaining the new credit card number or the specific card program of the card issuer or agent.
In the case of access to the host computer 1 by way of computerized device 7, the cardholder can dial directly into server 3 over a wired and/or wireless telecommunications network 4 or can access server 3 over a wired and/or telecommunications network 4 in combination with the Internet using a web browser. Upon connection, the cardholder undergoes the process of authentication in accord with the application and standards prescribed by the card issuer or card issuer agent. As described above, the simplest forin can involve simply keying in a password or PIN in combination with the issuance of a digital certificate. More enhanced forms of authentication can involve more advanced applications of digital certificates or signatures and/or some form of biometrics.

Following successful authentication, server 3 retrieves the cardholder file stored within host computer 1. Retrieval involves transferruig the file to the server, possibly by way of another server operating in conjunction with the server 3 and host computer 1.
This again provides an acceptable level of security by restricting cardholder access to outside the firewall.
Once the cardholder file has been retrieved, the cardliolder uiitiates a new credit or debit card nuinber request. The request is transferred from server 3 to host computer 1.
Upon receiving the request, host computer 1 exercises a status change to the number previously assigned to the cardholder ei~'ectively deactivating the number and removing that number from circulation, provided that another specified limitation is not in effect in which case the previously assigned number can be deactivated already or cail be permitted to stay active as the new number is assigned. In other words, preferred embodiments of the invention permit the user to have a plurality of active transaction identification nutnbers. Coinciding with exercising the change of status, if desired, host computer 1 randomly generates and assigns a new number from all the possible combinations available in the credit and debit number pool and issues that number to the cardholder.
Also, at this time, host computer 1 notifies bank network 12 of the activation of the new number and the change of status to the previous number.
The issuance of the newly assigned credit or debit card number further involves transferring the number back to server 3. Then, the newly assigned number is electronically transferred across the wired and/or wireless telecommunications networl. 4 as server 3 relays the new number to the cardholder in the form of data to computerized device 7 either through download to the hard drive or use of the browser. This transfer also can involve the use of an electronic wallet residing either on computerized device 7 or on a web server, perhaps server 3. In addition, a smart card 8 also can be employed in which the electronic transfer of the credit or debit card number culminates with the number being delivered to smart card 8 via computerized device 7. Alternatively, the new number can be delivered to smart card 8 via point of sale teriminal9, IVR 10 or server 11 (FIG. 1).
Upon receiving the number, the cardholder can immediately use the number for an upcoming electronic payinent transaction, for example, for a transaction conducted either by way of direct dial up or Internet connection to server 11. The process can involve transferring the transaction identification number to the merchant's server 11 with the aid of an electroiuc wallet or trailsferring it by other means, including a page request as- -initiated tlu=ough a browser or a simple key entry. The transaction identification number also can be transferred to the merchant's server 11 or IVR 10 via smart card 8. Whichever the case, once the transaction identification number is conveyed to a merchant, it is handled no differently than conventional credit and debit card nuinbers.
There are various alternative processes by which newly assigned credit and debit card numbers can be electronically transferred within the established bank network or through other channels across wired and/or wireless telecommunications ]inlcs for use in electronic payment transactions. For example, the numbers can be delivered directly to server 11 or to IVR 10 immediately before, during, or in the course of completing such transactions. Such processes are made possible by the advancements offered by this invention.
The inlierent randomness of typical 16-digit credit and debit card numbers is illustrated in FIG. 2. A 16-digit number is used, although the exact number of total digits can vary, as may the exact number of digits allocated for the Bank Identification Number or other specific functions contained in the credit or debit card number.
Looking at this example, the first digit at the left identifies the type of card, for instance "5" for MasterCard and "4" for Visa. The next series of digits comprises the Bank Identification Number (BIN). This is a static number that relates information specific to the card issuer.
It is common that the first digit identifying the card type is included when references are made to the BIN. It is also common that card issuers will be assigned more than one BIN
as a matter of meeting cardholder demand for either credit or debit card numbers. The last digit to the far right is what is commonly called the "checlc digit." It results from the application of a special algorithm and is used for ensuring the integrity of the entire credit or debit card number.
The series of digits between the BIN and the check digit constitute what is mostly a "random" string. It is a string often randomly selected by the card issuer host computer from the pool of available combinations (i.e. those not currently assigned or previously assigned) as a matter of creating and assigning a new credit or debit card number. It is not always the case that the number is randomly selected. As a matter of conventional practice, the string can be a variation of the original number assigned to the cardholder.
However, in accord with this invention, the seven-digit string shown in the example in FIG 2 is treated as a randomly generated number. The present invention takes full advantage of this random feature, creating the meansfor these numbers to be regularly re-circulated ainong cardholder populations with assurance that any one random portion number is assigned to only one cardholder at any given point in time.
FIG. 3 illustrates a more detailed view of the coinponents involved with the preferred method of electronically transferring newly assigned credit or debit card numbers across wired and/or wireless telecommunications linl:s. A host computer 1, which includes a microprocessor and a memory storage unit, is operated by the card issuer or card issuer agent. It is linked via a wired and/or wireless telecommunications network 4 to a telephone transceiver 6, a server 3 or IVR 2, and a computerized device such as, for example device 7 or smart card 8. Server 3 and/or IVR 2 include the following components: custom written application 13, microprocessor 14, hard disk 15 and random access meinory 16. Likewise, the computerized device 7 aiid/or smart card 8 also include the following components: custom written application 17, microprocessor 18, hard disk 19 and random access memory 20.
In operation, RAM 20 or telephone transceiver 6 is coiuiected with the memory of host computer 1 across wired and/or wireless teleconununications links 4 by way of RAM
16. The cardholder request for a new credit or debit card number is relayed from computerized device 7 or telephone transceiver 6 to host computer 1 by way of IVR 2 or server 3 and/or a server working in conjunction with IVR 2. A digital replica of a newly assigned credit or debit card number is electronically transferred from the memory of host computer 1 to RAM 20 or telephone transceiver 6 by way of RAM 16.
Contributing to the method of electronic transfer are also custom written application 13 and custom written application 17. Custom written application 13 is stored on hard disk 15 and operates in conjunction with microprocessor 14. Such application software can be required for transfers done either by access to IVR 2 or server 3 and serves to smooth the operation of sessions conducted in conjunction with host computer 1.
Custom written application 17 is stored on hard disk 19 and operates in conjunction with microprocessor'18. It can be required for transfers done with the aid of a locally stored electronic wallet, an Internet browser, or those transfers culminating with storage to a smart card 8. Such application software may not be required for transfers involving the use of an electroluc wallet residing on a web server, perhaps server 3. In any event such application software can be written as necessary by those of ordinary skill in the art to facilitate communications between components in the system and storage of desired records at appropriate locations.

A custom written application generally also will be required for host computer 1.
This application caii be included as part of the application suite residing within host computer 1 as required for performing all functions associated with carrying out the functions required to iniplement the present invention, as well as keeping suitable finaiicial and historical records for the card issuer. Such application software is readily provided by the skilled programmer.
In the case where the cardholder cliooses to locally store the credit or debit card number following transfer, the digital replica is moved from temporary storage in RAM 20 to more permanent storage on hard disk 19.
A system in accord with the invention also can be configured in a way that would eliminate RAM 16 as an intern7ediary inemory for access made through IVR 2.
However, at present it is understood that this configuration may lessen the degree of security offered by the system.
FIG. 4 illustrates a process by which the invention talces full advantage of the inherent randomness of typical 16-digit credit and debit card numbers. To the right of host computer 1 is a representation of the credit or debit number pool comprised of all possible combinations of 7-digit strings available for selection in conjunction with an individual BIN. The size of this pool can be varied to adequately meet demand within prescribed cardholder populations. To the bottom of host computer 1 is a newly generated 16-digit number consisting of the random portion of the string, i.e., "0104905", which has been randomly selected from the pool in response to a cardholder request. According to a preferred embodiment of the uivention, the number is assigned and then issued by being electronically transferred across wired and/or wireless telecommunications links 4 by way of IVR 2 or server 3 depending on the means by which the cardholder has accessed, the system (see FIGs. 1 and 3).
Above the selected 16-digit number and to the left of the host computer 1 is a depiction of notification being sent to the bank network that the number has been assigned and activated. The contents of this notification can include other information consistent with the operational regulations of specific card programs, card issuers and their agents.
Next above the bank network block 13 is a depiction of the database maintained in conjunction Nvith host computer 1 consisting of previously assigned 16-digit numbers which have undergone a status change and subsequently have been removed from circulation for return to the available number pool and reassigxunent in accordance with the specific legal requirements and/or specific guidelines adhered to by the card issuer or its agent.
FIG. 5 illustrates activation of newly assigned credit and debit card numbers by application of a time stamp indicating the time of activation. The time stamp can consist of any appropriate indication of the activation time, e.g., day, inonth and year of activation; preferably, the hour, day month and year of activation; and more preferably, the minute, hour, day month and year of activation. The time stamp can be incorporated into the number struig in a variety of ways inhabiting various data fields or combinations of data fields available in the number string (for example, it caii conveniently be set as at least part of the data fields currently used for the expiration date). For exceptional security, even the "seconds" of a chronometer can be included 'ui the tune stamp. With the time stamp showing tiine of activation, the transaction identification number is electronically posted in conjunction with personal identification information (e.g., the mail'uig address, or other unique information) of the cardholder to whom the number has been assigned as a means for merchants or their agents to quickly verify such personal identification information presented at the point of sale to confirm an authorized user. Such personal information need not be presented directly to the merchant. It can be entered by the cardholder for comparison in the system with only a confirmation or verification signal provided to the merchant.
This aspect of the invention involves the posting of transaction identification nuinber and the personal identification information in a manner that will provide merchants or their agents a means to access the information without comprising cardliolder security.
The personal identification information preferably can be posted to either IVR
2 or server 3, or to other appropriate IVRs or servers in the system. The posting can take place automatically as a matter of normal process following cardliolder application and acceptance into the specific card program. This same information may be required from the requesting cardholders as they receive a new limited use credit or debit card number in accord with the invention.
The information required for access to cardholder personal information by a merchant (or to request confirmation of the authorized user) is the newly assigned credit or debit card number in conjunction with the time stamp, which preferably is a simple derivative resulting from the time at which the number was officially activated or issued.
The tiine stamp, for example, can take the form of "mmddyyyyhlunm" denoting a sequeilce oi- numbers pertaining to the month, day, year, hour and minute of issuance. A
more extended form might include "ss" for the exact second at which issuance occurred.
The combination of the 16-digit number and the time stamp is illustrated in FIG. 5.
In actuality, the two come together to form a"super string," which is the transaction identification number (e.g., credit card number). In the illustrated case, the transaction identification number is the 28-digit string "5410940001049055081119991200,"
which includes the random portion "0104905" and the time stamp "081119991200"
depicting the official date aiid time of issuance as being noon on August 11, 1999.
An importaiit feature of the transaction identification number in accord with the invention is that the time stainp indicates the time of generation, activation or issuance (which in preferred embodiments will indicate essentially the same time), not the expiration date. Thus, one looking at the time stamp has no idea whether it is valid.
Validation must occur through the bank network or through other user verification and transaction authorization. However, there is no preclusion of the use of an expiration time or date.
Indeed, there inay be occasions where the coinbination of an activation time and an expiration time is desirable. As used herein, the term "time" includes date.
The delivery of the super string to cardholders takes place within the framework described above for the electronic transfer of the credit and debit card numbers to cardholders as part of the issuance process. The posting of the super string to the IVR or server for use by merchants or their agents also occurs simultaneously within the same framework as a step, preferably during the issuance process.
Once posted, the super string serves as a unique password for access to the file contaiuling the cardholder identification information on the IVR or server. Of course, merchants or their agents must first acquire the date/time derivative in conjunction with the electronically issued transaction identification number in order to complete the super string. Further, once the number is deactivated, access to the personal identification information can be denied.
There are various ways in which the "super string" can be provided to the merchant or agent. The cardholder simply can convey the super string to the merchant at the point of sale by physical presence or by telephone. Also, the super string can be electronically conveyed (as with the presentment of the credit or debit card numbers) for use in electronic transactions as a inatter of the transaction process. This can be done tllrough the variety of means described above (e.g., voice recognition, electronic wallet, browser, smart card, or other similar type means). However, by whatever means they receive the transaction identification number, the merchant or agent then can use it for authorized access to the cardholder personal inforination for the purpose of verifying that information provided in conjunction with the use of credit and debit card numbers at the point of sale or for accessing or transferring additional personal information that was not presented.
This can be carried out either over the Internet or by telephone. In each case, the merchant or agent simply presents the super string at the IVR or server for access to the particular information in the file of the cardholder of record for the random portion of the number and time stamp at that time. To ensure cardholder security, steps can be taken to allow an uidividual super string to be used only once for access to the cardholder ulformation. Further, such security measures can provide that once a particular number is deactivated, access to personal uiformation is denied.
A wide variety of limitations on the use of a super string can be envisioned readily.
In one embodiment, the super string can be augmented with an additional data field that identifies a particular merchant, e.g., an electronically issued digital certificate that permits use only by the specified inerchant and, if payment is involved, provides payment only to an account previously specified by that merchant. The various ways to lunit the use is subject only to practical considerations and the writing of application software to operate the system with such limitations.
Thus, the present invention provides a new and improved system and methodology for conducting transactions particularly where at least a portion of the transaction is conducted electronically, for example, a bank card service in wliich credit and debit card numbers are generated, activated and issued by electronic transfer across wired and wireless telecommunications linl:s, credit and debit card numbers are ti.me stamped upon activation so as to create unique numbers for limited use, newly-assigned limited use credit and debit card numbers are regularly issued for use in electronic payment transactions at the request of cardholders and/or at regular frequency as determined by card issuers or their agents, and transaction identification numbers are electronically securely posted in conjunction with personal identification information (e.g., personal information such as mailing address or demographic or financial profile information) of cardholders who have been assigned those numbers as a means for mercliants or their agents to quickly verify the personal information presented at the point of sale to confirm an authorized user. The confirmation of the authorized user can involve providing access to additional personal ffuormation or transterring additional personal information to the merchant or other providers of goods and services.
The hardware components needed for implementing this invention are currently in elistence. However, it is expected that some custom written applications caii be desired to assure smooth Ilow within the system. Such software can be readily written be a skilled programmer. An example may be an application allowing the card issuer or agent host computer(s) to automatically execute status chauges to credit and debit card numbers in circulation after a specified event has occurred limiting use of the card.
One aspect of the invention involves the method of creatuig a "super string"
for the purpose of faciMating transactions and permitting cardholder verification by merchants or their agents. The super string is frequently utilized in the forin of a credit or debit card or a pseudo credit or debit card. However, the super string can be utilized in a wide variety of transactional situations.

ADDITIONAL EMBODIMENTS

The following additional embodiment provides a new and improved system and methodology of conducting transactions with electronic verification of the status of the requesting party (e.g., inerchant) by the providing party (e.g., postal service provider) and authorization for the transaction payment, if required. For example, in a postal service in which deliverable item identifiers can be issued electronically and transferred across wired and wireless teleconununications links, newly assigned transaction identification numbers can be regularly issued for use in postal service transactions at the request of merchants and/or at regular frequency as determined by card issuers or their agents (e.g. postal service providers). Such numbers are electronically posted in conjunction with personally identifiable inforination such as, e.g., the mailing address of the merchant who has been assigned the number, or with non-personally identifiable information, e.g., demographic or financial profile information of the merchant who has been assigned the number, or a digital certificate or signature, or even a random or selected alphanumeric string known to the mercllant, as a means for postal service providers or their agents to quickly verify such information presented at the point of sale (or by telecommunications, or the like) to identify the presenter as the authorized user of the number and, if required, confirm authorization for payment in the transaction.

ln accord with the present invention, a system for conducting transactions with electronic verification of the status of the requesting party by the providing party comprises a host microprocessor with an associated memory and a communication device for comniunicating with the host computer, wherein the memory contains a limited use transaction identification number linked with personal identification information (e.g., personally identifiable information (i.e., personal information) and/or non-personally identifiable information) of the nutnber holder (e.g., merchant) who has been assigned the number, wherein the limited use transaction identiCcation number comprises a randomly generated number and a time generation or activation stamp. The transaction identification number can be used for a wide variety of purposes such as, for example, authorizing payment for purchases of goods or services in a transaction, for authorizing access to iuiformation, or for authorizing transfer of information, etc.
In accord witli the present invention, a method for electronically providing a transaction identification number to a requestor comprises forming a telecommunications connection between the requestor at a first location and a host microprocessor of the number issuer (e.g., card issuer or card issuer agent) at 'a second location, said host microprocessor being connected to a data storage system with memory, providing personal identification information by the requestor to the host microprocessor, issuing a transaction identification number and assigning it to the requestor, storing the traiisaction identification number in conjunction with the personal identification information ui the memory and transferring the transaction identification number to the requestor by the telecommunications connection.
In a preferred embodiment of the invention, a transaction identification number is issued to a user by the folloNving steps: opening a communication linl:
between the user and a host microprocessor having an associated memory storage device;
verifying the identity, of the user by a predetermined protocol; requesting a transaction identification number to be generated for limited use by the user in accord with a specified limitation;
providing the transaction identification by the host microprocessor from a pool of available numbers, the transaction identification number comprising a random portion and a time stamp portion indicating the time of activating the transaction identification number for use by the requesting user; transmitting the transaction identification number to the user;
storing the transaction identification number in the associated inemory with a link to associated personal identification informatioii of the authorized user and to the specified limitations; and notifying the transaction processing network (e.g., bank network) of the activated transaction identification number. Further, when the specified limitation has been satisfied, the transaction identification number is deactivated and the random portion of the number is returned to the pool of available numbers for subsequent selection and association with subsequent user. When the random portion is subsequently used, the transaction identification number will be different due to the time stamp portion and the personal identification information associated tlierewith will be different.
Thus, fraudulent use of a transaction identification number is highly unlikely. Typically, the time stamp portion will provide the date and also can provide other desired indicia of the time of activation of the transaction identification number.
Further, in accord with the present invention, a transaction is consummated using a transaction identification number comprising a random portion and a time stamp portion indicating the time of generating or activating the transaction identification number for use by the requesting user by the following steps: presenting the transaction identification number by the requesting user to a provider to obtain a product or service;
transmitting the transaction identification number by the provider to a host microprocessor for verification of the user and of the status of the transaction identification number;
receiving from the host inicroprocessor personal identification information for verification of the user;
obtaining information from the user to compare with the personal identification information obtained from the host microprocessor; confirniing to the host microprocessor that the user has been verified; and receiving authorization from the host microprocessor, if required, for payment for the transaction. Where the transaction identification number is used only to confirm identification of the user and no payment is required, e.g., where access to information is sought for a club member, the final step can be omitted. Also, the personal identification information can be transinitted to the host inicroprocessor as part of the transaction for comparison witli user information stored in memory and the host computer transmit a confirmation signal verifying the user.
To achieve the objective of averting unauthorized use, the invention takes full advantage of the inherent randomness of a pool of numbers. It creates the means for these numbers to be regularly assigned and issued for use for a limited period of time or limited circumstances and to be re-circulated ainong user populations with the assurance that any one number is assigned to only one user at any given point in time.

In preferred embodiments of the invention, users and number issuers (e.g., merchants aiid postal service providers) or their agents can exercise regular systematic control over the "life span" of individually assigned numbers (e.g., deliverable item identifiers). The range of this control can vary such that assigned numbers are limited in use to only a certain total number of autliorized trailsactions, to only a specified period of time, to a series of transactions only in conjunction with a specific postal service provider or other specific providers of goods and services, to "one-fiime-use" whereby newly-issued numbers are good for a only a single transaction, and the like, etc.
Whatever the specified limitation, once the life span of an individually assigned transaction identification number comes to an end, a change in activity status is inimediately made by the liost nucroprocessor. The random portion of the number is removed from circulation and earmarked for return to the available number pool and eventual re-assignment. The length of time before a number is actually returned to the pool can depend on specific legal requirements or specific guidelines adhered to by the number issuer (e.g., postal service provider) or its agent. However, no transaction identification number can be ever duplicated in accord with preferred embodiments of this invention.
According to a preferred embodiment of the invention, number issuers (e.g., postal service providers) or their agents will be able to electronically post newly activated transaction identification numbers (e.g., deliverable item identifiers) to a secure web server and or other host server in conjunction with personal identification information, (e.g., personal information of the user such as the mailing address) of users (e.g., merchants), to whom the numbers have been assigned. This offers further protection against unauthorized use of any transaction identification nuinber by enabling postal service providers and other providers of goods and services or their agents to quickly verify, either over the Internet or by telephone, the personal identification information presented in conjunction with the transaction identification number at the point of sale should that information not otherwise be readily available.
Thus, the present invention provides a process for issuing deliverable item identifiers by electronically transferring them across wired aiid wireless telecornmunications networks. This mal:es it possible to execute real-time delivery of the newly assigned numbers for use by merchants in postal service transactions.

Relerring to Fig. 6, illustrated is one embodiment of a deliverable item 600 enabled with a machine-readable code as part of an appended stamp (e.g. postage stamp).
According to one embodiment, machine-readable code 601 comprises information suitable in meeting the requirements of a r~ndom portion of a transaction identification number.
This may be in addition to other information required for enabling the identif cation, tracking aiid control of deliverable items as they are processed in conjunction with a postal service provider system.
Fig. 7 illustrates one embodiment of a deliverable item 700 enabled with a machine-readable code 701 in the forin of a printed code. According to one embodiment, machine-readable code 701 comprises information suitable in meeting the requirements of a random portion of a transaction identification number. This may be in addition to other information required for enabling the identification, tracl:uig and control of deliverable items as they are processed in conjunction with a postal service provider system.
Figs. 6 and 7 illustrate the use of a dot matrix code and a barcode respectively.
However, the invention is not limited by the code symbology as any current or future code symbology can be used so long as it meets the requirements of the present invention. The machine-readable codes can also be used in addition to and/or in combination with other codes in order to meet the requireinents of the present invention.
What follows is a description of one einbodiment of the present invention as one example of its operation in conjunction with a postal service provider system.
A general postal service provider system for use in conjunction with deliverable items enabled with machine-readable codes is described as part of U.S. Patent No. 6,415,983 filed Feb. 26, 1999 entitled "Unique Identifier Bar Code on Stamps and Apparatus and Method for Monitoring Stainp Usage Nvitli Identifier Bar Codes" and U.S. Patent No.
6,398,106 filed Nov. 6, 2000 entitled "Unique Identifier Bar Code on Stamps and Apparatus and Method for Monitoring Stamp Usage with Identifier Bars" which are hereby incorporated in their entirety by reference.
For the purposes of exaanple, a merchant or merchant agent forwards a deliverable item in the form of a letter to a targeted consumer whose address was obtained either from an internal customer list or a mailing list purchased from an outside source.
Embedded within the letter is hard copy reply mail in the form of a business mail card containing additional information. The business card mail also contains an address designated by the rnerchant that inay be an address other than the originating address. In addition, both the letter and the business card mail are each enabled with a printed machine-readable code as illustrated in FIG. 7 in wliich the random portion of the transaction identification number was transferred to the requestor location for printing across a wired and/or wireless telecoinmunications network following a process of authentication in accord with the application and standards prescribed by the card issuer or card issuer agent.
The merchant or merchant agent sends the letter by forwarding it to a post office where it is forwarded for processing. FIG. 8 illustrates one embodiment of an originating deliverable item processing apparatus 800 useful in meeting the requirements of the present invention. Originating deliverable item processing apparatus 800 generally operates in conjunction Nvith one or more additional originating and destination deliverable item processing apparatuses located inside one or more deliverable item processing plants connected to a, delivery transport mechanism within the postal service provider system.
The letter is deposited into input queue 801. From there the letter is fed onto deliverable item conveyor 802 which is typically a series of belts designed to transport deliverable items tlu-ough the processing apparatus to a multi-bin stacker generally indicated by 810. The inulti-bin stacker has a plurality of bins 810A, 810B, 810C, 810D, 810E, 810F into which deliverable items can be directed by deviators 811 (6 shown).
Along the length of the deliverable item conveyor 802 (which need not be a straight line) various devices are placed to perform actions upon the deliverable items as they pass by.
There is a processing and control block generally indicated by 808 wluch is intended to represent most of the processing and control functionality of the deliverable item processing machine. This may be implemented in one or a series of computer platforms with one or multiple processors. The processing and control block is connected to receive the digitized images taken by the camera 804 and the weights measured by the weighing module 805. It is also connected to control the deviators 811 forming part of the multi-bin stacker 810 so as to be able to precisely control into whicli bin a given deliverable item is to be diverted. While the camera 804 preferably takes an image of the entire front surface of the deliverable item, it (or a combination of cameras) must at least take one or more images which collectively include the destination information and the machine readable codes.
The processing and control block 808 includes optical character recognition software for analyzing digitized images received from the camera 804, and more particularly for processing the machine readable code on each deliverable item, and for aeterminmg the destination information. The processor and control block 808 also includes functionality which allows a determination of a required postage for various destinations for a given weight of a deliverable item.
Continuing with one example, camera 804 takes an image of the front surface of the deliverable item, digitizes this and passes it to the processing and control block 808.
The processing and control block 808 performs character aiid word recognition to identify the destination information and to find and decode the machine readable code and recover the data elements represented by the machine readable code. The processuig and control block 808 determines a required postage based on the destination information, the weight and possibly other available information [e.g. class or type of mailing or shipment;
additional selected goods and services such as, for example, special handling or delivery that inay be offered as a premium (e.g. priority, express, urgent, oversized or overweight, hazardous materials); taxes, tariffs or fees (e.g. insurance) based upon contents, point of origination (e.g. country), final destination (e.g. country), anticipated or updated routing information, etc.) According to one embodiment, the processing control block 808 prepares an authorization request to place a hold against the merchant's account (e.g.
credit or debit card account). The authorization request is comprised of any relevant available information (e.g. merchant identification information) in accord with the application and standards prescribed by the card issuer or card issuer agent. The authorization request is submitted aloiig with the deliverable item identifier to the card issuer or agent for approval.
During the course of the transaction, the random portion of the transaction identification number is recorded in conjunction with an additional field of data indicating date and/or time. Additioiial einbodiments provide for other information to also be recorded in various fields such as, for example, a number and/or other identity (e.g. serial number, name, address, etc.) provided by the postal service provider for the processing apparatus from Nvhich the authorization request was submitted.

Continuing with one embodiment, the transaction identification number is stored in memory with a link to the personal identification information (e.g., the mailing address, or other unique information) of the merchant to whom the number has been assigned and to the specified limitations. In the case that the personal identification information comprises a credit or debit card nurnber or other account access number, the authorization request may be submitted via an available network connection to the transaction processing network (e.g., batik network) using the credit or debit card number or other account access number on fie. Alternatively the transaction identification number may be combined with other available information (e.g. delivery service provider identifier, system identifier, bank identification nuinber, processing bin number, merchant identification, check digit, digital certificate or signature, a ratidom or selected alphauumeric string known to the merchant, etc.) to form a transaction identification nuinber (e.g. credit or debit card number or other account access number) suitable for processing the authorization request using the transaction processing network (e.g. bank network).

If authorization is unsuccessful, this fact is identified in real time and the processuig and control block 808 controls the stacker deviators 811 such that the letter is diverted to a bin whicll has been allocated to receive failed authorization deliverable items, for example bin 810A which is labeled "Failed Auth."

If authorization is successful, then normal processuig of the letter is coinpleted, and the letter is diverted to a bin for transport, for example one of the bins 810C, 810D, 810E, 810F. According to one einbodiment, successful authorization results in the notification of the transaction processing network (e.g., postal service networlc) of the activated transaction identification number. Further, when the specified limitation has been satisfied, the transaction identification number is deactivated and the random portion of the number is returned to the pool of available numbers for subsequent selection and association with subsequent user.

Additional einbodiments invohling the use of authorizations for processing deliverable items provide for initial authorizations to result in a sale rather than, for example, a hold against a inerchant's credit account. Other embodiments provide for the possibility of authorizations being conducted without the requirement of electronic payment and at various locations within the postal service provider system.

In another embodiment of the invention, a deliverable item processing apparatus is provided which can detect stolen deliverable item identifiers. A stolen stamps table 809 eittier torming part of or accessible to the processing and control block 808 is provided for storing deliverable item identifiers of stamps which have been stolen. As before, the camera 804 takes an image of the front service of the deliverable item, digitizes it and passes the image to the processing and control block 808. The processing and control cloclc performs recognition and decoding of the machine-readable code on each stamp to recover the data elements and to determine a deliverable item identifier for each stanlp.
Next, the deliverable item identifier on each stamp is compared to the identifiers in the stolen stamps table 809 in real time by the processing and control block 808.
If there is a match, then the deliverable item is directed to a particular bin selected for deliverable items with fraudulent stamps, for example, bin 810B whicli is labeled "Fraud Stamps."

Referring now to FIGS. 9 to 11, in another embodiment of the present invention, systems and methods for preventing the fraudulent reuse of a stamp are provided. FIG. 9 is a view of a system according to the present invention showing the details of an originating deliverable item processing apparatus 900, and FIG. 10 is a view of the same system showing the details of a destination deliverable item processing apparatus 1000.
Although not shown, it is of course assumed that the originating deliverable item processing apparatus 900 and the destination deliverable item processing apparatus 1000 each interface to a delivery transport mechanism. In this embodiment, each originating deliverable item processing apparatus (900 of FIG. 9) is equipped with a deliverable item identification tag printer 906 capable of printing a machine-readable code (e.g. a bar code in fluorescent ink on the back of the deliverable item) which uniquely identifies the deliverable item. Such identification tag printers are well known in the U.S.
and Canadian postal systems for example. In addition, the originating deliverable item processing apparatus is connected via a network connection to a national circulation database (more generally some sort of a "remote depository").

Preferably, the originating deliverable item processing ap paratus also has a destination identification tag reader 903 and a destination tag printer 907.
In such apparatuses, the first time a deliverable item is processed by an originating deliverable item processing machine, the destination information is processed using optical character recognition, and a destination identifier is determined. This destination identifier might be a postal code or a zip code for example. The destination identification tag printer 907 then prints a destination identification tag determined from the destination identifier on the deliverable item in the form of a machine readable code (e.g. fluorescent bar code) and all subsequent routing of the deliverable item is performed on the basis of the destination identifier and/or the destination identification tag. This avoids the need for downstream deliverable item processing apparatuses to reprocess the destination information. The destination identification tag reader 907 is provided to identify deliverable items which have already been processed by an originating deliverable item processing machine. This will occur for example when a deliverable item is incorrectly addressed and the incorrect receiver puts the deliverable item back into the system for reprocessing. This is standard technology in deliverable item processing and delivery and will not be discussed in further detail here. This is described simply to point out tliat the destination identifiers already used in the routulg of deliverable items may also be used as destination identifiers for the purposes described in detail below, although other forms of destination identifiers may be alternatively used.

The national circulation database contains a table of all stamps wluch are in circulation. Inforination is stored ui the national circulation database in the form of records such as illustrated in FIG. 11. In this example each record has five fields, namely a field for the buyer (e.g. merchant) personal identification information, a field for storing the transaction identification number or range identifier assigned to a particular inerchant, an identification tag field for storing a corresponding identification tag which has been applied to a given deliverable item, a destination identifier field for identifying a destination deliverable item processing plant and a date field for identifying the date that the identification tag and destination identifier were input to the database.

Referring now to FIG. 10, the destination deliverable item processing apparatus 1000 has an input queue 1001, a deliverable item conveyor 1002, a multi-bin stacker 1010, with stacker bins 1010A-1010F under control of a processing and control block 1008. In addition, there is an identification tag reader 1003 for reading the identification tag of a deliverable item applied by a deliverable item processing apparatus 900. The processing and control block 1008 has, or has access to, an identification tags list 1009, the purpose of which will be described below.

When a deliverable item is processed by an originating deliverable item processing apparatus 900, i.e. the first time it is processed by aiiy machine, the deliverable item identification tag printer 906 prints an identification tag which uniquely identifies the deliverable item with a machine readable code (e.g. fluorescent ink on the back of the envelope).

Next, the camera 904 takes an image of the front surface of the deliverable item and passes this to the processing and control block 908 which determines the machine-readable code data elements, and the destination identifier from the destination information. In particular, a unique identifier is deterniined. For each stamp, a record in a log file 909 is created consisting of the unique identifier (e.g. serial number in conjunction with date and/or time), the identification tag and the destination identifier.
These records are transferred periodically to the national circulation database via a network connection.

The process by whicli the national circulation database maintains the list of stamps which are in circulation consists of adding new records to the database for new stamps, and subsequently deleting records from the list in accord with specified limitations (e.g.
after stamps have been "processed" for at least a predetermined amount of time). The date field in each national circulation database can be used to determine how long it has been since a particular stamp was initially processed by any deliverable item processing machine.
According to one embodiment, after a predetermined period has elapsed after the date entered in the record (i.e. a predetermined time has elapsed since the corresponding stamp was processed by an originating deliverable item processing machine), the record can be deleted from the national circulation database, the assumption being that the deliverable item has reached its destination by that time.

The process implemented by the national circulation database each time it receives a log file record from an originating deliverable item processing apparatus 900 consists of first looking up the record in the national circulation database for the unique identifier contained in the log file record. If the unique identifier is not in the database then it is assumed that the stamp is fraudulent. A message is sent to the processing plant identified by the destination identifier containing the identification tag contained in the log file record. This ends the processing of the record by the national circulation database. In the case that the unique identifier is in the database, the record in the database is checked to ascertain whether an identification tag has already been added to that stamp's record. If not then the identification tag, the destination identifier, and date are added to the record ui the circulation database and the processing of that record ends.
Altematively, if the identification tag is already in the circulation database then the stored identification tag is compared to that received in the log file record. If there is a mismatch between the identification tags then once again the stamp has been fraudulently used. This is dealt with in the same maimer as above, namely by sending a message containing the identification tag to the destination. As discussed below regarding the deliverable item processing apparatus at the destination, deliverable items identified as being fraudulent can be extracted for sortation to a special staclcer bin. Additional embodiments provide for suspect deliverable items to be tlagged and/or directed to a special bin for removal from the mail streain, possible return to sender, or quarantine for further inspection, etc.

The destination deliverable item processing apparatus for a given deliverable item will be any destination deliverable item processing apparatus in the deliverable item processing plant identified by the destination identifier. First, the identification tag of a deliverable item being processed is read using the identification tag reader 1003. The identification tag is then compared to the identification tags stored in the identification tags list 1009 maintained by the destination deliverable item processing apparatus 1000 as described below. If the identification tag is in the identification tags list 1009 then there has been fraudulent misuse of the statnp, and the deliverable itein is directed to a special bin in the multi-bin stacker 1010 for example, bin 1010A labeled "Fraud Mail."
In the event that the identification tag is not in the identification tags list 1009 then normal processing of the deliverable item is completed.

The process implemented by the destination deliverable item processing apparatus to maintain the identification tags list 1009 consists of steps of receiving identification tags from the national circulation database and storing them in the identification tags list 1009, and then subsequently deleting them in accord with specified limitations (e.g.
deleting them from the identification tags list 1009 after the deliverable item is processed or after a predetermined period of time). In the event that a given deliverable item processing plant contains more than one destination deliverable item processing machine, a single message may be sent to the particular deliverable item processing plant which then either passes or otherwise makes available this information to the individual destination deliverable item processing apparatuses.

Continuing with one embodiment for completing normal processing, the processing control block 1008 prepares a request for electronic payment (e.g. force transaction or postauth) comprised of any relevant updated available information in accord with the application and standards prescribed by the card issuer or card issuer agent.

During the processing of deliverable items, according to one embodiment of the present invention a machine readable code which cannot be decrypted or validated in accord with the application and standards prescribed by the card issuer or card issuer must not be a valid maclvne readable code, and thus deliverable items enabled with such codes can be sorted to a special stacker bin.

In another embodiment of the present invention, analysis of the data of the national database can provide historic information on customer usage of purchased stamps, assist in forecasting volumes of deliverable items sent with stamps enabled with machine-readable codes, and assist in inventory management. Analysis of unique identifiers and destination data can provide information, for example, on customer usage of types of stamps for international mail.

In another embodiment of the present invention, the deliverable item processing methods and systems such as those described above may be used to process deliverable items enabled with machine-readable codes such as those described above included as part of PC postage applied to the exterior of envelopes or applied directly on papers to be inserted in envelopes, the envelopes having windows to allow the machine-readable codes to be scanned without opening the envelope.

While the above ernbodiments have focused on delivery service providers which are postal service providers, it is to be understood that more generally they can be used by any service provider in the delivery of deliverable items, in wliich case deliverable item processing apparatuses including the above described inventive features would be employed.

While in the above example, a single camera is provided for taking a single image of a fi=ont surface of a deliverable item, more generally any unage capture device may be provided for capturing one or inore irnages of a deliverable item so long as the image(s) include the maclline readable codes and destination information. In addition, any computerized device may be provided for interpreting the machine-readable codes and destination information.
In step 1050 of Fig. 12, an image or unages of a deliverable item are talcen.
In step 1055 the iinage(s) are processed to obtain a deliverable item identifier and a randomly generated number of a transaction identification number. The transaction identification number comprises the randomly generated number and a time generation stamp that is indicative of the time of activation of the transaction identification number.
In step 1055, a pre-authorization request is prepared. In step 1060, the pre-authorization request is prepared and sent to a host processor along with the deliverable item identifier and the randomly generated number (step 1065.) If pre-authorization request is successful (step 1070), the processuig of deliverable item is terminated (step 1075) otherwise processing of the deliverable item continues (step 1078.) In step 1080 of Fig. 13, a pre-authorization request is sent to host processor along with deliverable item identifier and randornly generated number. In step 1085, the transaction identification number is sent to the host microprocessor for verification of a user along with status of the transaction identification number. In step 1090, personal identification information of the user is obtained from the host microprocessor for verification. In step 1095, information is obtained from the user to compare with the personal identification information obtained from the host microprocessor. In step 2000, if the information obtained from the user matches the information obtained form the host microprocessor, then this verification is confirmed to the host microprocessor.
In step 2005 of Fig. 14, image(s) of a deliverable item are taken. In step 2010, a transaction identification number issued to a user is obtained. The transaction identification number coinprises a randomly generated number and a time generation statnp that indicates the time of activation of the transaction identification number. In step 2015, a deliverable item identifier is applied to a deliverable itein and the raiidomly generated number of the transaction identification number.
FIG. 15 is a flow chart illustrating the various steps involved in issuing of transaction identification number. In step 2020, identity of the user is verified for use by the user from a pool of available numbers. In step 2025, the transaction identification number is sent to the user according to a specified limitation. In step 2030, the transaction identification number is stored in an associated memory with a link to associated personal identification information and a specified limitation.
Although the invention has been described in detail, it is to be understood that variations therein and modifications tllereto may be made by those skilled in the art without departing from the spirit and scope of the invention as set forth in the following claims. For example, the functions of the host coniputer can be provided by various microprocessors, servers, and memoiy storage devices working together in a system.
Another example may provide for the random string to take the form of an alphanumeric string or a string comprising cllaracters from an extended character set. The invention is not limited by the terminology used to describe the invention or various embodiments herein.

Claims (11)

1. A deliverable item processing apparatus, comprising:
an image capture device for taking one or more images of a deliverable item;
and a processing and control block for processing the images to obtain a deliverable item identifier and a randomly generated number of a transaction identification number, wherein the transaction identification number comprises a randomly generated number and a time generation stamp indicating the time of activation of the transaction identification number, wherein a pre-authorization request is prepared and sent along with the deliverable item identifier and the randomly generated number, wherein if the pre-authorization request is successful, a processing of the deliverable item continues.

2. The apparatus of claim 1, wherein the processing and control block sends the transaction identification number to a host microprocessor for verification of a user and of a status of the transaction identification number, wherein the processing and control block obtains personal identification information for verification of the user from the host microprocessor, wherein the processing and control block obtains information from the user to compare with the personal identification information obtained from the host microprocessor, and wherein the processing and control block confirms to the host microprocessor that the user has been verified, if the information obtained from the user matches the information obtained from the host microprocessor.

3. The apparatus of claim 2, wherein the processing and control block further receives authorization from the host microprocessor for payment for a transaction.

4. A deliverable item processing apparatus, comprising:
an image capture device for taking one or more images of a deliverable item;
a processing and control block for obtaining a transaction identification number issued to a user, wherein the transaction identification number comprises a randomly generated number and a time generation stamp indicating the time of activation of the transaction identification number; and a printer for applying to a deliverable item a deliverable item identifier and the randomly generated number of the transaction identification number.

5. The apparatus of claim 4, wherein in issuing the transaction identification number is provided from a pool of available numbers for use by the user in accord with a specified limitation, the transaction identification number is sent to the processing and control block, and the transaction identification number is stored in an associated memory with a link to associated personal identification information and the specified limitation.

6. A postage stamp, comprising:
a deliverable item identifier; and a randomly generated number of a transaction identification number, wherein the transaction identification number comprises a randomly generated number and a time generation stamp indicating the time of activation of the transaction identification number.

7. A method for processing a deliverable item, comprising the steps of:
(a) taking one or more images of the deliverable item;
(b) processing the images to obtain a deliverable item identifier and a randomly generated number of a transaction identification number, wherein the transaction identification number comprises the randomly generated number and a time generation stamp indicating the time of activation of the transaction identification number;
(c) preparing a pre-authorization request and sending the pre-authorization request, along with the deliverable item identifier and the randomly generated number, to a host processor; and (d) continuing processing of the deliverable item if the pre-authorization request is successful.

8. The method of claim 7, wherein the preparing and sending step (c) comprises:
(c1) sending the transaction identification number to the host microprocessor for verification of a user and of a status of the transaction identification number;

(c2) obtaining personal identification information for verification of the user from the most microprocessor;
(c3) obtaining information from the user to compare with the personal identification information obtained from the host microprocessor; and (c4) confirming to the host microprocessor that the user has been verified, if the information obtained form the user matches the information obtained form the host microprocessor.

9. The method of claim 8, further comprising:
(c5) receiving authorization from the host microprocessor for payment for a transaction.

10. A method for processing a deliverable item, comprising:
(a) taking one or more images of a deliverable item;
(b) obtaining a transaction identification number issued to a user, wherein the transaction identification number comprises a randomly generated number and a time generation stamp indicating the time of activation of the transaction identification number;
and (c) applying to a deliverable item a deliverable item identifier and the randomly generated number of the transaction identification number.

11. The method of claim 10, wherein the issuing of the transaction identification number to the user comprises:
(b1) verifying an identity of the user from a pool of available numbers for use by the user in accord with a specified limitation;
(b2) sending the transaction identification number to the user;
(b3) storing the transaction identification number in an associated memory with a link to associated personal identification information and the specified limitation.