EP0866427B1 - Mail processing system with a machine base system controlled by a personal computer - Google Patents

Description

The invention relates to a mail processing system having a controlled by a personal computer printing machine base station, according to the type specified in the preamble of claim 1. The system is suitable for processing filled letters of different formats in medium to large shipping quantities. The basic structure of both components personal computer and machine base station enables a cost-effective adaptation to different customer requirements. The system can be operated as a franking system, as a mailing system or as a mail validation system for a carrier multiple.

A letter is made in modern offices at the personal computer. The printed letters are enveloped by hand in the office or automatically enveloped with an inserting system. From a medium to higher number of letters to be sent or other mail items franking machines are used in the usual way, for franking the mail. For example, US 4,746,234 relates to a thermal transfer postage meter which is surrounded by a secured housing.

• a) Die Benutzung eines gewöhnlichen Bürodruckers ermöglicht nur das Bedrucken von ungefüllten Briefumschlägen. Gefüllte Briefumschläge mit ihren wechselnden Briefdicken können von einem Bürodrucker nicht eingezogen werden. Dieser Nachteil begrenzt die Anwendung eines solchen Systems auf kleinste Briefmengen. In einem Postausgangsbüro, welches die zentral von den verschiedenen Abteilungen eines Unternehmens hereinkommende Post versandfertig zu machen hat, kann diese Lösung nicht eingesetzt werden.
• b) Das Portoabrechnungsprogramm, welches vom Prozessor des Personalcomputers abgearbeitet wird, ist manipulierbar. Das Programm kann so verändert werden, daß es wie das Original arbeitet, bis auf die Reduzierung des Portobetrages, der im speziellen Portospeicherbaustein gespeichert ist. Damit entfiele für den Kunden die Notwendigkeit den Portospeicherbaustein gegen Bezahlung bei der Postbehörde wieder aufzuladen, während er unbegrenzt weiter seine Ausgangspost mit Frankierabdrucken versehen kann. Der Zugang zum Portoabrechnungsprogramm ist z.B. durch den Ausbau der Festplatte leicht möglich. Dies wäre noch nicht einmal nachweisbar, da sich das Programm, im Gegensatz zu einer herkömmlichen elektronischen Frankiermaschine, nicht in einem gesicherten Gehäuse befindet. Das manipulierte Programm kann zusätzlich zum Originalprogramm gespeichert werden. Im Falle einer Inspektion wird dann ausnahmsweise das Originalprogramm gestartet. Wird das manipulierte Programm noch durch ein Paßwort geschützt, ist die Manipulation praktisch kaum noch nachweisbar.

Solutions are already known which build a franking system from individual components. In US 5,510,992 (Post N Mail) a system is described which consists of two components, namely a personal computer and a office printer. The postage is stored in hardware components that have a standard interface with connected to the personal computer PC. A special program, which is stored on the PC's own storage media (eg hard disk), carries out the postage calculation, reduces the stored postage amount and generates the data for the franking imprint, which are transmitted to the office printer. Apart from the special postage memory modules, this PC system works without additional hardware components. However, he has two shortcomings:

• a) The use of an ordinary office printer only allows the printing of unfilled envelopes. Filled envelopes with their changing letter thicknesses can not be fed by an office printer. This disadvantage limits the application of such a system to the smallest letter quantities. This solution can not be used in an outgoing post office, which has to make the mail arriving centrally from the various departments of a company ready for dispatch.
• b) The postage accounting program, which is processed by the processor of the personal computer, can be manipulated. The program can be modified to work like the original, except for the reduction of the postage amount stored in the special postage memory module. This would eliminate the need for the customer to recharge the postage memory module against payment to the postal authority, while he can indefinitely continue to provide his original mail with franking imprints. The access to the postage accounting program is easily possible eg by the removal of the hard disk. This would not even be detectable, since the program, unlike a conventional electronic postage meter, is not in a secure housing. The manipulated program can be saved in addition to the original program. In the case of an inspection, the original program will be started exceptionally. If the manipulated program is still protected by a password, the manipulation is virtually undetectable.

Already in EP 459 159 B1, the applicant has specified a PC-supported franking device, which is better protected against manipulation. This solution is based on a special franking module, which is inserted into a slot of a personal computer PC and connected to the internal information and power supply network of the personal computer. This franking module contains an independent Processor system with postage storages as well as an integrated printing device for the franking of letter envelopes. By means of the integration of the printing device, it is possible to eliminate the general security deficiency of the abovementioned PC franking system. The operator guidance advantageously uses the resources of the personal computer, in particular monitor, keyboard and operating system. Although this solution allows the processing of filled letters to a limited extent, but only of small letter formats. Also, the slot of the personal computer must have a suitably sized (5 1/4 ") to accommodate the franking module, which is less often guaranteed due to the increasing miniaturization of modern personal computers Postal processing on a small scale, ie suitable for low mail volume Automatic processing of stacked mail is already excluded by the lack of combination possibility with a letter unpacking machine, so this solution is only suitable for small letter volumes.

According to DE 24 38 055 C2 (P.B.) is located between the computer and a secure printer a secure electronic postage meter (meters), the secure printer is connected to the meter via secure lines and secure connection parts. The user may not change the postage meter or open the secured line to expand the system. Such a system is not service friendly.

A similar solution is proposed in US 5,200,903 (Neopost). A personal computer or workstation is connected via a reusable cable to a peripheral postage meter which includes a billing and control module (meters) and a printer for both the franking stamp printing and the printing of the recipient's address. A MODEM is connected to the personal computer. The personal computer acts as a means of communication and takes over the calculation of the respective postage fees for the individual packages on the basis of stored postage fee tables. The peripheral billing module is relieved of this compute and memory intensive function. No additional scale must be connected to the franking machine if the weight of the letter can be calculated by the personal computer based on the letter content. The billing module of the franking machine has a processor system with postage buffers and makes the settlement. The directly connected control module controls the printing of address and franking stamp. Due to the secure housing can be dispensed with this solution on ge-secured lines and secure connection parts between billing module and printer. A sufficiently good access for the service to individual components is still not given.

A disadvantage of both solutions above is the low operating speed of the overall system. It is determined by the data transfer rate on the connection between the input / output port of the personal computer on the one hand and the accounting module on the other hand.
In the absence of a suitable base station for the transport of mail, fast automatic processing so-called mixed mail with changing postage charges from letter to letter is virtually impossible.

From US 5,309,393 a remotely reloadable postage meter machine is known, which is connected to a personal computer, which contains a MODEM and establishes a communication link with a telephone network. A balance can additionally be connected to the franking machine or is integrated into the franking machine housing. This is again a closed and thus secure system, but this still has the above-mentioned disadvantages.
Alternatively, according to another variant of US 5,309,393 an open system is proposed. In a slot of the personal computer, an interface board is inserted, which contains both an interface to a load cell and a display unit, as well as an electronically erasable and programmable memory EEPROM for the postal registers (ascending register, descending register). Via a parallel I / O interface, a standard printer is connected to the personal computer, which carries out the franking printing. A primary password stored in a non-volatile memory of the personal computer provides access to all metering operations. The nonvolatile electronic erasable and programmable memory EEPROM of the interface board's a secondary password for the user is stored. It was not communicated whether the tamper-proofing of the system was guaranteed beyond that. Most public postal carriers still have safety concerns about the approval of open systems. Also, such a printer does not appear to be capable of handling a high and different amount of mail.

In US 5,590,198 a removable meter slot is also inserted into a slot of a personal computer, which slot complies with the standard of the Personal Computer Memory Card International Association (PCMCIA). It has further required modules for an open system to ensure the necessary manipulation security. To operate the franking system, a user password is required. However, re-initialization is possible by means of a super-password generated by a data center, i. without having to return the meter plug to the manufacturer. Although a standard printer is connected to the personal computer unsecured, which performs the franking pressure. However, the printed postage value in the franking stamp image is secured by means of an additionally printed digital signature. The authorization is checked at the mail carrier using the digital signature on the mail. The introduction of such a system will only become possible after equipping the postal authorities and private carriers with an appropriate verification technique. Although the commercial printers are adapted for connection to a personal computer and switchable to print an unfilled letter envelope can. However, such printers are not designed to handle medium to large volumes of mail and can only print unfilled mailers.

None of the above Solutions allows the processing of filled letter cuvettes of different thicknesses and different formats. The o.g. Typefaces can not be inferred whether different mail carriers are selected by the mail carrier customer or how they are allocated for billing purposes. Nor is it clear how the timeliness of the data can be maintained for a large number of carriers.

The invention has for its object to overcome the disadvantages of the prior art and to provide a mail processing system, which consists of physically separate components, which allow maximum adaptation to the respective customer requirements, the use of security housings reduced and yet a misuse for the purpose a forgery of data of individual components as well as the entire system is excluded.

In particular, a more flexible mailing system is to be developed with a mailing machine that allows the use of services of various private and public mail carriers. With a machine base station, the processing of filled mailpieces of different thickness and different formats for medium to large shipments should be done.

The object is achieved with the features of claim 1.

A printhead for a purely electronic printing is controlled by a printhead electronics and forms with a transport unit a poststückdickentolerante printing station. In addition to the processing of large quantities of mixed mail on the basis of filled envelopes, the invention now makes possible a PC-supported franking. The security against manipulation at the interface to the printing base is ensured by special measures in the personal computer and in the printing base and optionally also by a security imprint in accordance with the requirements imposed by the respective postal carrier. The security print data includes a signature that allows verification of the printed postage value.

The invention assumes that a secured housing is required only for certain components of the system. The system has a security device protected by a security housing in the personal computer connected to the system bus of the personal computer. Abrechen- and security functions are combined in the security means according to the invention. The reject function of the safety device is based on a fast and tamper-proof hardware interrupt unit and non-volatile memory modules, which do not require any support voltage for data retention when the machine is switched off. A special data transmission hardware and a special fast interface to the machine base station allows a special control of at least the machine base station by the security means, thus making it impossible to use the machine base station without an attached security means.

The system is equipped with a high security against tampering due to a software-based security module in the security device. A security processor, preferably an OTP (One Time Programmable) processor is arranged in the security means and contains all security-related programs stored read-safe. The security processor is programmed with at least one non-readable program part to perform at least one of the plurality of security functions. It is provided that the security processor is connected via the parallel input / output interface of the security means and the PC system bus to a modem or that the security processor is connected via the at least one serial interface of the security means with a modem. Thus, the security processor is programmed with a non-readable program part which performs a tamper-proof deposit recharge into the postal registers formed in the non-volatile memory devices. Together with other programs stored in a program memory EPROM of the security means SM, at least one security module is created which checks the authorization of the individual components and monitors the data transfer between the personal computer and the machine base station.

The personal computer with associated user programs and a low-cost user interface with keyboard and display unit allows to carry out more functions in a comfortable way than one meter of a franking machine could do. Thus, more and also new services of mail carriers can be requested for mail processing. Advantageously, these user programs are used to operate the system under WINDOWS for a carrier multiple as a franking system, shipping system or Postgutentwertungssystem. The program memory of the personal computer and / or the security means preferably includes an associated user program with a postage calculation based on entered shipping data and a manually or by scale entered weight or due to input data for the indirect calculation of the weight. The postage calculation includes in a preferred embodiment, a subroutine for determining the cheapest mail carrier for the corresponding shipping or transport task. It has already been proposed, a computer-aided mail processing system with franking machines and possibly together with other post-treatment devices for the processing of a higher volume of mail in a post office for franking mail to use (non-prepublished German patent applications 196 17 586.0, 196 17 473.2, 196 17 476.7, 196 17 557.7). The mail carriers are already selected in the office by the user via the user interface of the personal computer, but printed as a barcode on the letter. The barcode can be scanned in the remote post office via a scanner. The billing is done by software in the franking machine, to which a modem is connected to update the postage fees. The update of the tariffs is done automatically in cooperation with a data center.

In contrast to this, the invention provides for billing in the at least one security device arranged in the personal computer and, in the process, billing for a large number of mail carriers assigned to the respectively set mail carrier. For this purpose, it is provided that service request means for mail processing for at least one mail carrier are connected to the PC system bus, that at least one security means is equipped with at least one user-specific hardware circuit, which carries in at least one related to a postal carrier billing in associated non-volatile memory modules ,

Alternatively, for each mail carrier, a separate security means can be inserted as a slot in a slot of a personal computer, the slot can be changed, or groups of mail carriers are each assigned to a specific security means.

The security means has at least one software-based security module in the security processor or in the program memory and at least one fast interface. A software-based security module in the security processor is provided, for example, for generating data for a security imprint or for producing security during imprinting. Each of the software-based security modules is based on a non-readable part of the program in the security processor. A variety of software-based security modules can also be used for different mail carriers and purposes. A software-based security module in the security processor can also fully address the needs and demands of a security tailored to the specific postal carrier. Thus, inter alia, it is provided that the security processor of the security means is in communication with a modem and is programmed with a non-readable program part, which performs a tamper-proof credit recharge in the mail registers which are formed in the non-volatile memory modules.

The security means is connected via a first data cable and via a processing circuit of the special interface unit and / or the print head electronics in the machine base station for controlling a postgutdickentoleranten printing station. The security means preferably has a fast serial interface for connection to the printhead electronics in the machine base station.

Advantageously, medium to large shipments can now be processed with the special machine base station. The machine base station contains a thickness-tolerant printing station and is coupled to the security means via a special interface unit. In this case, the security means SM via a special serial high-speed channel, the connection to the special interface unit of the special machine base station produced.

Due to the special interface already a use of the machine base station in manipulation intention can be made more difficult. Additional special measures ensure security against unauthorized manipulation. In the user program of the personal computer, the authorization numbers for the permitted security means are stored or listed, which security means must be accessed in order to carry out the billing for a selected mail carrier. In the user program of the personal computer and in a program module of the security means the permitted or according to the respective user program suitable printing devices are listed. In the user program of the personal computer and in a program module of the security means routines are stored in order to check the authorization of each other. It is checked by the personal computer, whether the respective user program or the respective mail carrier associated security means is connected and whether the respective user program associated machine base station is connected. Otherwise, If unauthorized, the respective user program can not be activated. In addition, a check in the machine base station can also be made with regard to an authorization of the triggering security means. Only in this way can the use of the machine base station in the event of manipulation be prevented. With another computer, ie without a connected authorized security means, it is therefore not possible to operate the special machine base station, for example, to produce counterfeit franking imprints in counterfeiting intent. The security of the mail processing system according to the invention is based on two measures which relate to the operation of the security device and the operation of the franking printer: a) the security agent is protected against manipulation of the postage billing and b) the franking imprint of the franking printer is secured against counterfeiting. The security of the security device is based on the fact that it is a special hardware in contrast to a pure PC solution. Although this special hardware has an interface to the PC system bus. But beyond that, there is no access to the postage accounting program or any other security related program, security related data or postage accounts to write data. This security-relevant data can only be read out by the processor of the security means or used or changed, for example as part of a credit recharge. In addition to the above-mentioned approval number for selected postal carriers, the identity of the security agent is given by an unreadable customer- or machine-specific cryptographic key. The billing data can only be read out by the processor of the personal computer, for example in order to display this billing data. The security agent itself can be physically secured by various means. The simplest form of security is the encapsulation and blinding of the security agent. An equivalent measure is the potting of safety-related hardware components, such as the postage memory. A higher level of tamper resistance is achieved by a special variant of the security means in the form of a user-specific circuit (ASIC). On the output side, at least the print data and associated control data are delivered from the security means to the machine base station. All lines are advantageously combined to form a first data cable, which optionally with an adapter, and which is connected to a plug / socket with the special interface unit of the machine base station.

The machine base station forms, together with other individually controllable stations, a mail processing machine, wherein the individually controllable stations are each interfaced to one another by means of a second data cable.

It is envisaged that a single controllable station of the mailing machine will be an automatic mailing station and interfaced with the machine base station via the second data cable. The equipped with the security means personal computer controls in addition to the machine base station and the automatic feeder station, which is connected on the positive side of the post and applies a letter envelope or other mail to the inbox of the machine base station.

It is further contemplated that a single controllable station of the mailing machine is a dynamic scale and interfaced with second data cable to the machine base station.

It is further provided in another variant that the individually controllable station is a dynamic scale and is interfaced with the security means via a second data cable to the machine base station and a separate data cable.

It is provided in an alternative variant that the automatic feeding station via a second data cable with the dynamic scale and the dynamic scale via another second data cable to the machine base station is interfaced and that the machine base station and a first and separate data cable interfaced with the security agent in the personal computer.

In the user-specific hardware circuit of the security means are at least one serial interface with means for execution in addition to the hardware accounting unit to perform a billing function a safety function included, wherein the at least one serial interface is equipped with a monitoring circuit which cooperates with the printhead electronics of the special interface unit or a processing circuit of the special interface unit. The monitoring circuit can advantageously be operated in conjunction with a software-based security module.

Preferably, the user-specific hardware circuitry of the security means is also equipped with a medium-speed second serial interface including sensor / actuator control with galvanic isolation couplers to the machine base station along with other individually controllable stations of the mailing machine through the processing circuit of the special interface unit Taxes. Preferably, optocouplers are used as couplers.

Alternatively, it is contemplated that the custom hardware circuitry of the security means will be equipped with a medium speed second serial interface and a slow third serial interface, the medium speed second serial interface including sensor / actuator control and opto-couplers to power the machine base station via the processing circuitry the special interface unit, and wherein the slow third serial interface includes a UART circuit and optocouplers to control the further individually controllable stations of the mailing machine via a transmission circuit of the special interface unit.

Preferably, the aforementioned first and separate data cables are combined to form a common first data cable and connected via a plug / socket to the special interface unit in the machine base station. It is provided that the transmission circuit of the special interface unit includes an associated socket for the data connector of the first or common data cable and a level converter, which performs a conversion of TTL signals for a V24 interface in the machine base station. The V24 interface is connected to a V24 socket.

Figur 1,

Blockschaltbild für ein Postverarbeitungssystem mit einer automatischen Zuführstation, mit einer Maschinen-Basisstation und einem Personalcomputer mit Sicherheitsmittel,

Figur 2a,

Prinzipschaltbild für ein Postverarbeitungssystem in der Variante gemäß Figur 1,

Figur 2b,

Prinzipschaltbild für ein Postverarbeitungssystem in einer erweiterten Variante mit einer automatischen Zuführstation, mit einer dynamischen Waage, einer Maschinen-Basisstation und einem Personalcomputer,

Figur 2c,

Prinzipschaltbild für ein Postverarbeitungssystem in einer alternativen Variante mit einer automatischen Zuführstation, mit einer dynamischen Waage, einer Maschinen-Basisstation und einem Personalcomputer, wobei die dynamische Waage direkt mit dem Personalcomputer verbunden ist,

Figur 2d,

Prinzipschaltbild für ein Postverarbeitungssystem nach der bevorzugten Variante mit einer automatischen Zuführstation, mit einer dynamischen Waage, einer Maschinen-Basisstation und einem Personalcomputer, wobei die dynamische Waage über die Maschinen-Basisstation mit dem Personalcomputer verbunden ist,

Figur 3,

Blockschaltbild für eine erste Variante des Sicherheitsmittels,

Figur 4,

Blockschaltbild mit der speziellen Schnittstelleneinheit in der Maschinen-Basisstation für eine serielle Schnittstelle zum Anschluß an das Sicherheitsmittel (erste Variante nach Fig.3),

Figur 5,

Blockschaltbild für eine zweite Variante des Sicherheitsmittels,

Figur 6,

Blockschaltbild mit der speziellen Schnittstelleneinheit in der Maschinen-Basisstation für zwei serielle Schnittstellen zum Anschluß an das Sicherheitsmittel (2.Variante nach Fig.5),

Figur 7,

Blockschaltbild für eine dritte Variante des Sicherheitsmittels,

Figur 8,

Blockschaltbild mit der speziellen Schnittstelleneinheit in der Maschinen-Basisstation für drei serielle Schnittstellen zum Anschluß an das Sicherheitsmittel (3.Variante nach Fig.7),

Figur 9,

Schnelle spezielle Transporteinheit in der Maschinen-Basisstation,

Figur 10,

Ansicht eines Postverarbeitungssystems mit einem Meter,

Figur 11,

Flußdiagramm für den Betrieb des Postverarbeitungssystem als Frankiersystem.

Advantageous developments of the invention are characterized in the subclaims or are presented in more detail below together with the description of the preferred embodiment of the invention with reference to FIGS. Show it:

FIG. 1,

Block diagram for a mail processing system with an automatic feed station, with a machine base station and a personal computer with security means,

FIG. 2a,

Block diagram for a mail processing system in the variant according to FIG. 1,

FIG. 2b,

Schematic diagram for a mail processing system in an extended version with an automatic feeding station, with a dynamic scale, a machine base station and a personal computer,

FIG. 2c,

Schematic diagram for a mail processing system in an alternative variant with an automatic feed station, with a dynamic scale, a machine base station and a personal computer, the dynamic scale is connected directly to the personal computer,

FIG. 2d,

Block diagram for a mail processing system according to the preferred variant with an automatic feed station, with a dynamic scale, a machine base station and a personal computer, wherein the dynamic scale is connected via the machine base station to the personal computer,

FIG. 3,

Block diagram for a first variant of the security device,

FIG. 4,

Block diagram with the special interface unit in the machine base station for a serial interface for connection to the security device (first variant according to FIG. 3),

FIG. 5,

Block diagram for a second variant of the security device,

FIG. 6,

Block diagram with the special interface unit in the Machine base station for two serial interfaces for connection to the security device (2nd variant according to FIG. 5),

FIG. 7,

Block diagram for a third variant of the security device,

FIG. 8,

Block diagram with the special interface unit in the machine base station for three serial interfaces for connection to the security device (3rd variant according to FIG. 7),

FIG. 9,

Fast special transport unit in the machine base station,

FIG. 10,

View of a mail processing system with a meter,

FIG. 11,

Flowchart for the operation of the mail processing system as a franking system.

The details of the arrangement will be explained with reference to FIG. The personal computer 10 contains in addition to the security means 6 according to the invention at least the following components: microprocessor 1, program memory 2, memory 3, input / output port 4, and disk 5. This structure is complemented by display 8 and keyboard 9. Since the rest of the PC Construction has no special features and is commonly known, can be dispensed with a more detailed description at this point.

According to the invention, it is provided that the security means 6 is connected to the PC system bus 7 via a parallel input / output interface 64 and to the printing machine base station 24 via at least one serial interface 61, 62, 63, wherein the at least one Serial interface 62 is designed as a special data transmission unit for fast serial data transmission to the special interface unit 26 and the print head electronics 81 in the machine base station 24.

The security means 6 according to the invention mechanically and electrically has the system interface required for the coupling to the PC system bus 7 and is preferably operated in one of the free slots of the personal computer 10. The connection to the system bus 7 of the personal computer 10 enables fast data throughput based on the clock rate of the microprocessor 1 due to the parallel data transfer. The security means further includes a fast tamper-resistant dedicated interface for at least outputting the print data to the printhead 82 in the machine base station 24. Likewise, a fast tamper resistant special interface 26 is provided at least for receiving and routing the print data to the franking print head 82 in the base 24. The two aforementioned interfaces are connected via a data cable 15.

The machine base station 24, together with further individually controllable stations 27, 28, a mail processing machine 20, wherein the individually controllable stations 27, 28 are interconnected by means of data cable 25 with each other.

In the figure 1 right, the mail processing machine 20, shown in plan view. In FIG. 10, the mailing machine 20 is shown in perspective, however, the machine base station 24 is combined with one meter 40. Alternatively, the meter can be designed as a laptop and the machine base station 24 as a docking station, on which the laptop equipped with at least one security device is plugged. Preferably, the laptop has the full functionality of a personal computer.

In the figure 1, the meter 40 has been replaced by the aforementioned equipped with the security means 6 personal computer. Postgute input side, an automatic feed station 28 is connected. The automatic feeder station 28 is to automatically apply a letter envelope to the machine base station 24 inbox. It optionally includes - not shown - arrangement of an automatic letter humidifier and closer with. The mail piece to be franked is placed vertically on a supporting surface. With a pivotable Andruckarm 281 of the mail piece to be franked is resiliently pressed against a contact surface, protrude from the driven by motor feed rollers 282. The feed roller 282 causes a separation of the mail and has been described in more detail in the non-prepublished German application DE 196 05 017.0.

The machine base station of the mailing machine 20 will be explained in detail with reference to FIG. 9. In her the Briefkuverte and similar mail pieces are edgewise, slightly inclined backwards, with the aid of a circulating conveyor belt 242 equipped with pressure elements 242 transported to the franking printing station of the machine base station 24. The conveyor belt 242 with the pressure elements 243 is driven by a roller 244 and forms the transport unit of the machine base station 24. The transport unit 242 to 244 of the machine base station 24 together with the franking print head 82 forms the franking printing station. The letter envelope beginning is detected immediately before the franking printing station by a sensor 247. Preferably, an optical sensor 247 is disposed in a guide plate 240. By means of the transport unit 242 to 244, the envelopes 30 or packages or franking strips are conveyed before, within and after the franking printing station. The Briefkuverte lie on the guide plate 240, in which at least one window 241 provided and in which at least one ink jet print head 82 is permanently installed for printing. If the conveyor belt 242 is moved with the pressure elements 243, an on / -bzw. Auslenkungsteil 245 and 246 in extensions of the pressure elements 243 to form a clasp for the envelope 30 and open for supplied or abzuführende envelopes. In German patent applications DE 19 605 014 and DE 19 605 015, such a machine base station has been proposed for a franking machine and described in more detail.

The envelope 30 is transported in the machine base station 24 in the above-mentioned manner by the conveyor belt 242 and printed by the side facing away from the viewer. Preferably, the mailing machine 20 is supplemented by a tray 23. When using a conventional tray, the envelopes with the printed side would be down, so that a continuous visual inspection is not possible. In the non-prepublished German application DE 197 05 089.1 therefore an arrangement for storage of record carriers is proposed, with a secure guide also different sized and thick letter cuvettes and turning the letter cuvette is achieved, so that the franking imprint of the deposited envelope is clearly visible. The letter envelope passes behind the printing station, a groove 22 and is deflected by a rocker 21 to then fall into a box of the tray 23. For the franking of thick mail items, the mailing machine 20 additionally has a tape dispenser 248 for self-adhesive franking strips-shown in FIG. The strip sensor 248 is described in more detail in the non-prepublished German application DE.

FIG. 2 a shows a general block diagram for the variant of the mail processing system according to FIG. 1. The mail processing machine 20 consists of the automatic feed station 28, the machine base station 24 and the tray 23. It is connected via a first data cable 15 with the security means 6, which has as a PC slot corresponding outward leading - not shown - terminal contact means for data cable , Thus, the franking printing station does not have a meter, but only a machine base station and franking printer means 81, 82 as well as further means, which will be explained below with reference to FIG. The billing function of the meter required without the invention is taken over by the security means 6.

It is contemplated that the individually controllable station 28 is an automatic mailing station and interfaces with the machine base station 24 via data cable 25.

Thus, the personal computer 10 equipped with the security means 6 controls the machine base station 24 and the automatic feeder station 28, which is connected on the postgood input side and automatically applies a letter envelope to the inbox of the machine base station 24. The verification functions, which would otherwise have to perform a meter, according to the invention taken over by the security means 6, which is arranged in the personal computer. The security means 6 can be arranged in a variety of personal computers. Without a security means 6 and only with a computer, the stations 28 and 24 can not be operated.

Added to this is the overall functionality of a personal computer 10. This improves the system in terms of some features, especially in terms of ease of use compared to a one meter system. The system can now also, for example, on a variety of other private postal carriers in particular be applied. Freight or parcels can also be cleared when a corresponding user program is called up.

Alternatively, such a security means 6 can also be arranged in one meter of a franking machine, as has already been described in the German patent application DE 196 03 467.1, which has not been pre-published. FIG. 10 shows the view of a mail processing system with one meter instead of the personal computer. The use of the services of other private mail carriers, in particular, is limited because of the lower storage and data processing capacity of a meter compared to the personal computer. Not least because of the limited display and input possibility, an application of the franking machine for private postal carriers can only take place to a very limited extent. By contrast, the system according to the invention is not limited at any point. It is also possible to equip a meter with a comfortable display in the manner of a laptop and computer keyboard and with the functionality of the personal computer and with the security device. However, such a meter variant would be more expensive than a slot for a personal computer and would also require a service technician to change the security means for other private mail carriers.

FIG. 2b shows an expanded variant of the mail processing system as a basic circuit diagram. The system comprises an automatic feeder station 28 supplemented with a dynamic scale 27, a machine base station 24 and a personal computer 10. The automatic feeder station 28 separates mail pieces from a stack and feeds them to the machine base station 24, i. serves as a letter investor. If the letter stack stack is of different letter weights, each of which requires different portfolios, the additional use of a dynamic scale 27 makes sense to determine the respective letter weight. The dynamic scale 27 allows a higher throughput of different mail items (mixed mail) for automatic mail processing.

The letter weight is reported indirectly by the scale 16 to the security module 6 according to the extended variant (Fig.2b). The weight data are first sent from the scale 16 via the second data cable 25.2 to the machine base station 24 and from this on the already existing line of the first data cable 15 is transmitted to the security module 6. Here again, it is advantageous that only their operation can be controlled by means of a special connection from the security module 6 to the envelope processing unit 20, and control in the security module 6 is made possible on its proper operation.

FIG. 2c shows an alternative variant of the mail processing system as a block diagram. It is equipped with an automatic feeding station, with a dynamic scale 27, a machine base station 24 and a personal computer 10, wherein the dynamic scale 27 is connected directly to the personal computer by means of a separate first data cable 15.2, the personal computer 10 again with the security means 6 is equipped. It is envisaged that the dynamic scale is a single controllable station 27 and is interfaced with the machine base station 24 via a second data cable 25.2. The machine base station 24 is also connected in terms of interface with the security means 6 via the first data cable 15.1, so that all monitoring tasks can be carried out with the security means 6.

The letter weight is reported according to the alternative variant (Fig.2c) directly to the security module 6, which is equipped for this purpose with a - similar to that shown in Figure 7 - separate interface UART & OPTOKOPPLER. Based on stored postage tables, the correct franking value is calculated, which the security module 6 accounts for. The application program forms the print data and transmits it via the security module 6 to the franking print head 82, so that the franking value calculated specifically for this purpose is printed on the corresponding mail item in the franking printing station, for example. In this application, the speed advantages of the franking device according to the invention come fully to bear.

In an alternative embodiment, the postage determination is performed not by the personal computer but by the security processor of the security module whose structure and clock rate allow a calculation in the millisecond range.

The data link from and to the printhead electronics 81 of the franking print head 82 is especially for the transmission of the data formats designed. It is thus at least two orders of magnitude faster than data transmissions over the second data cables 25.1 and 25.2 by means of standard interfaces, such as by means of a V24 interface. Thus, a maximum letter throughput can be ensured even with changing letter weights. In both the extended and the alternative variant, the personal computer 10 executes, with the involvement of the security means 6, the postage calculation according to the desired service of a selectable mail carrier according to valid tariffs.

FIG. 2 d shows a block diagram for a mail processing system according to the preferred variant. It is equipped with an automatic feeding station, with a dynamic scale, a machine base station and a personal computer, but the dynamic scale is connected to the personal computer via the machine base station. Although the data of the dynamic scale is passed through a third serial interface of the security device, the postage calculation is not carried out in the security means, but by the user program in the personal computer. The user program stored in the program memory of the personal computer also controls the functions of the individually controllable stations 27, 28 of the envelope processing system 20, wherein the entire data traffic is handled via the security means 6. The individually controllable stations 27, 28 are each connected by means of the second data cable 25.1, 25.2 interface with each other, wherein preferably a V24 interface is used.

Thus, the automatic feed station 28 is connected via data cable 25.1 with the dynamic scale 27 and the dynamic scale 27 via data cable 25.2 interface with the machine base station 24. The machine base station 24 is again interfaced via a separate first data cable 15.1 and 15.3 with the personal computer 10 equipped with the security means 6. It is advantageous that the first or separate data cables 15.1 to 15.3 are combined to form a common first data cable 15, which is connected via a plug / socket with the special interface unit 26 in the machine base station 24. All data cables and interfaces are of course equipped with corresponding connection contact means.

According to the invention, it is provided that the machine base station 24 has a postgutdickentoleranten printing station 82, 242-244 and a special interface unit 26, wherein the driven by the print head electronics 81 print head 82 forms the postgutdickentoleranten printing station with a transport unit 242-244. The service requesting means 1, 2, 9 are connected to the PC system bus 7 for mail processing for at least one mail carrier. At least one security means 6 is provided per mail carrier and the security means 6 has a user-specific hardware circuit 66 which communicates with the PC system bus 7 via a parallel input / output interface 64 and with the printing machine base station 24 via at least one Interface 61, 62, 63 and a first data cable 15, wherein the at least one interface 61 in the user-specific hardware circuit 66 as a special data transfer unit for fast data transfer between the security means 6 and a processing circuit 268 of the special interface unit 26 and / or the printhead electronics 81st is formed in the machine base station 24. The custom hardware circuitry 66 includes means 60, 61 for performing billing and security functions for at least one selected mail carrier, the hardware circuitry 66 being connected to nonvolatile memory devices 68, 69 and to a security processor 77 programmed with at least one non-readable program portion perform at least one of a variety of security features.

Reference to the figures 3 to 8, the invention for the following three embodiments will be explained in more detail.

The security means 6 shown in FIG. 3 comprises a program memory EPROM 71, a (security) OTP processor 77, an input / output circuit 64 as a system interface to the PC system BUS, a special data transmission and monitoring unit in the fast first Serial interface 61, a hardware Abrecheneinheit 60 and non-volatile memory devices 68, 69 on. For security against manipulation, the security means 6 has a user-specific hardware circuit 66 for executing a billing and security function. The circuit 66 of the means 60 to 64 is advantageously by means of a user-specific Circuit (ASIC) realized and is therefore tamper-proof. The hardware circuitry 66 is connected to the non-volatile memory devices 68, 69 and to the security processor 77, which is programmed with a non-readable program to perform at least one of a variety of security functions. For example, it is provided in a sub-variant that the security processor 77 is connected via the parallel input / output interface of the security means 6 and the PC system bus 7 to a modem 11 and that the security processor 77 is programmed with a non-readable program part which Perform a tamper-proof credit recharge into the postal registers formed in the nonvolatile memory devices 68, 69. In another sub-variant, it is provided that the security processor 77 is connected to a modem 11 via the at least one serial interface 61, 62 or 63 of the security means 6 and that the security processor 77 is programmed with a non-readable program part for debiting the credit. The security processor 77 is preferably a DS83C520-CPU type microcontroller having a 16Kbyte internal program memory for a corresponding non-readable part of the program or other software-based security modules.

The nonvolatile memory modules are preferably FRAMs 68, 69, preferably of the type FM1208S from the company RAMTRON, which need no support voltage for data retention when the machine is switched off. Access to the nonvolatile FRAM memory area is controlled by the hardware circuit 66 (ASIC). The microcontroller can write and read access to the entire memory area of the FRAM's. A special cryptographic key for Data Encryption Standard (DES) or similar encryption methods in the internal program memory of the microcontroller 77 is used for decoding the program data, which are loaded during the initialization via the hardware circuit 66 in the non-volatile FRAM memory 68, 67 of the security means 6. These security-relevant program data are stored in the memory areas not accessible from outside the security means 6. The plaintext of the program is therefore available only in the security means 6. The other components of the system or the personal computer offer no possibility for interpreting the internal program parts. The hardware circuit 66 (ASIC) ensures that externally only the lower halves of the address space of the FRAM memory 68, 67 can be accessed. The upper halves of the address space of the FRAM memory 68, 67 remain externally inaccessible, so that there, for example, a DES key and the secret numbers for the Fernwertvorgabe for credit recharge and other instructions for further security measures in the form of program modules can be stored.

In addition, a RESET logic 78 is provided in the security means 6 in order to detect the voltage increase when switching on the personal computer 10 and to switch the security means 6 to a defined start state. When the accounting unit 60 has performed the billing, an enable signal F is delivered to a control unit 610 in the special data transmission and monitoring unit of the fast first serial interface 61. The control unit 610 effectively controls a shift register in the first serial interface 61, which is supplied with parallel data from the PC system bus via the input / output unit 64 to perform parallel / serial conversion so that the data is sent to the electronics 26 in series , 81 in the machine base station 24. A basic description of such a security means 6 is, for example, the non-prepublished German application DE 196 03 467.1 with the title: franking machine, removable.

Optionally, the security agent 6 may still be equipped with a WATCH / DATEs building block 70 to meet postal regulations that prohibit backdating post. In this case, after switching on the system, a method for setting the date can advantageously be used, which has been described in detail in the European document EP 745 958 A2.

According to the invention, a first safety circuit unit 611 and a second safety circuit unit 612 are provided in the first serial interface 61 as part of a special data transmission and monitoring unit. The first security switching unit 611 is provided to add further data to the data to be transmitted serially and / or to at least partially encrypt the aforementioned data. The second security switching unit 612 is provided to transmit the serially received ones Evaluate data after its serial / parallel conversion while or before it is placed on the PC system bus 64. The special data transmission and monitoring unit 61 thus forms a special serial interface, which is fast and tamper-proof and allows pressure monitoring. This special interface 61 has - not shown - output side optocouplers for galvanic isolation and corresponding terminal contact means.

Together with the hardware of the special data transmission and monitoring unit in the first serial interface 61, the security-related programs that are stored in the OTP processor 77, and other programs stored in the program memory EPROM 71 of the security means 6, a security module is created, which the data transfer between Personal computer 10 and machine base station 24 monitored according to different criteria. Thus, a manipulation of the print data is made much more difficult or virtually impossible.

While the stations 27, 28 and 24 of the mailing machine 20 communicate with each other via a serial V24 interface and data cables 25 and 25.1, 25.2 at a data rate, for example 9600 Bd, data lines 15 and 15.1 and a tamper-proof special TTL high-speed interface achieved a much higher data rate. This allows in addition to the transmission of print data and the transmission of other data for communication with the mail processing machine 20, in particular with the machine base station 24. For example, a data rate of about 1,000,000 Bd in data transfer between personal computer 10 and machine base station 24th reached.

In FIG. 4, a fast special interface unit 26 in the engine base station 24 is shown. It is contemplated that the particular interface unit 26 in the machine base station 24 will include a high speed channel and print pulse generating means 266, the high speed channel having the printhead electronics 81, and the print pulse generating means 266 input connected to an encoder means 80 and output side to the printhead modules of the printhead 82. At least one pressure signal is applied to the pressure pulse generating means via the high speed channel 266 is applied when the sensor 247 detects a beginning of a letter envelope or other piece of mail or franking strip beginning.

The printhead electronics 81 also have shift registers connected to the shift register SR of the transfer circuit 260 coupled to the high-speed serial channel to receive at least the print data of a print column and to send status reports.

The special interface unit 26 has a high speed transmission unit 260 for serial / parallel conversion of transmitted data concerning the control and sensor data to be transmitted and status data required for control. The fast transfer circuit 260 with shift register SR and data buffer is part of a processing circuit 268, which receives parallel sensor data for the machine base station 24 and sends parallel actuator data, as well as for the transmission of data from and to other stations of the mailing machine 20 is formed. The processing circuit 268 is equipped for the latter purpose with a V24 interface, to which a socket 269 is connected for plug contacts. In the socket 269 a plug with the second data cable 25 is inserted, which leads to another station of the mailing machine 20.

The printhead electronics 81 is connected to an encoder 80 which outputs a signal corresponding to the letter transport speed. FIG. 9 shows a machine base station 24 with an upright mail transport device 242 to 244, with means 801, 802 of the encoder 80 and with the franking print head 82. An incremental encoder disk 801, which interacts with a photocell 802, is coupled to the drive roller 244.

The encoder signal is transmitted in addition to the security means 6 via the high-speed channel. From the security means 6, a clock signal CLOCK for the shift registers of the high-speed channel is transmitted to the fast special interface unit 26 and the print head electronics 81 in the machine base station 24 via the maximum speed channel. The shift register SR of Fast transmission circuit 260 outputs data in parallel to processing means in the processing circuit 268.

The transmission circuit 260 includes further registers, not shown, for data buffering, and the processing circuit 268 optionally includes a state machine and other means for communicating with the security means 6.

It is advantageously possible to use an intelligent processing circuit 268 consisting of a random access memory RAM 261, a program memory 262, a central processing unit CPU 263, a nonvolatile memory NVRAM 264, for intelligent sensor / actuator control. The security means 6 itself must then have no actuator / sensor control, but only needs to transmit necessary instructions from the application program to the base 24. For this purpose, the fast transmission circuit 260 contains at least one shift register SR connected to the serial channel of the print head electronics 81 in order to receive instructions and further data intended for the machine base station 24 or for the other stations of the mailing machine 20 or data originating from these stations Safety means 6 to send.

Depending on the evaluation of the V24 interface and the sensors / actuator electronics 268, the CPU 263 can generate an interrupt signal and output it to the security means 6. The data transmitted by the stations of the mailing machine 20 are preprocessed to transfer only the most necessary data to the security means 6 from the special interface unit 26.

In the program memory ROM 262, a base identification number is stored in addition to the associated program. A nonvolatile memory of the printhead control electronics 81 includes the identification number from the printhead 82 and optionally other specific data for the operation of the printhead 82. The sensor / actuator electronics in the processing circuitry 268 is connected to the non-volatile memory of the printhead control electronics 81, not shown Data and control lines connected. The storage and processing means 261 to 263 are used to mutually verify the authorization of security means 6 and special interface unit 26 and / or printhead 82, preferably using a standard method.

The block diagram shown in Figure 5 for a second variant of the security means 6 differs from the first variant by providing a second interface 62, which comprises means for the actuator / sensor control and output side optocouplers for galvanic isolation. The means for the actuator / sensor control are in hardware, preferably as part of an ASIC, executed and in the European patent application EP 716 398 A2 under the title: franking machine internal interface circuit and method for tamper-proof print data control has been shown in more detail. In contrast to EP 716 398 A2, the means of the actuator / sensor control are not arranged in the meter but now in the ASIC of the security means 6.

FIG. 6 shows a block diagram with the special interface unit SE 26 in the machine base station for two serial interfaces for connection to the security means 6 (according to the second variant according to FIG. 5 explained above). The connection to the security means 6 has already been explained in principle above with reference to FIG. For the first data cable 15.1, another data cable 15.2 is added or all lines are combined to form a common data cable 15. The lines are each connected to a 50-pin data plug which is plugged into an associated receptacle of a transmission circuit 267 of the machine base station 24. The transmission circuit 267 has a separate channel to the processing circuit 268, which consists essentially of a series circuit of shift registers SR 6, SR 7, SR 8, SR 9 and other - not shown - shift registers, all looped into the line SEROUT2 for serial data transmission are. The line SEROUT2 leads via a socket 269 to further - not shown - shift registers to act on the actuators and sensors of other stations 27, 28 of the mailing machine 20 with data or query sensor data. An end plug 29 connects the serial data lines SEROUT2 and SERIN2, which thus form a closed loop. For serial data transmission Medium-speed TTL circuits are used, which is why the processing circuit 268 can be realized inexpensively. In contrast, for the at least one order of magnitude faster data transmission to the print control electronics 81, the TTL high-speed channel is still required.

7 shows a block diagram for a third variant of the security means 6 with three types of serial interfaces 61, 62 and 63. The serial interface 61 again leads directly via optocouplers and the TTL high-speed channel to the pressure control electronics 81. The medium-speed serial interface 62 is with the sensor / actuator control and opto-couplers - as shown in Fig. 5 - and leads - as shown in Fig. 6 - separately to the processing circuit 268 of the special interface unit 26. An additional slow serial interface 63 is provided with a UART electronics , ST16C450 or other corresponding serial input / output circuit, RS 232, etc., and optocouplers, and serves to control the stations of the mailing machine 20 to the left of the base 24. The three serial interfaces 61, 62 and 63 are via the input / output circuit 64 connected to the PC system bus 7 and become parallel loaded with data of the respective user program for controlling and query the mail processing machine 20.

With reference to Figure 8 is a block diagram with the special interface unit SE 26 in the machine base station 24, the three serial ports 61, 62, 63 for connection to the security means 6 (according to the third variant of Figure 7) explained. The arrangement of the circuit means is as explained in Figure 6, with the exception of the transmission circuit 267 on the PC-side socket of the spektrum interface unit 26 and with the exception of the socket 269th
The transmission circuit 267 includes another slow channel having a level converter to convert the TTL level to a V24 level. At this level converter, the socket 269 is connected and now leads advantageously the V24 level. At the socket 269 now more stations 27, 28 can be connected, all of which are standard equipped with V24 interfaces. The at least the series circuit of shift registers SR 6 to SR 9 containing data line SEROUT2 is already through a connection line in the processing circuit 268 with the serial data line SERIN2 connected to form a closed loop.

The print head electronics 81 also have shift registers coupled to the high speed serial channel to receive at least the print data of a print column and to send status reports.

The printhead electronics 81 includes - not shown - associated electronics that can lock or unlock the printing process. For example, similarly to the procedure for tamper-proof print data control (EP 716 398 A2), after the authorization has been established, an activation can be made and the length of the print data record can be monitored in order to make it difficult to manipulate it.

In addition, the authenticity of at least some print data from the print head electronics 81 is tested according to the invention in a variant. A software-based security module of the security means 6 is designed to provide the required print data permitting an aforementioned check. Another software module of the security means 6 is designed to provide the required print data for a security print with signature, which can be checked in the post office or at the respective selected mail carrier.

In another variant, RSA encryption is used. The machine base station 24 is not necessarily located in a secure housing, as is conventional in conventional postage meters. With such a measure could not be prevented that the line 15 is connected instead of the security module 6 with a prepared PC output via which then a sequence previously abgehörter pressure signals is generated for which no billing exists. One way to secure the data transmission on the line 15 is to encode the transmitted data. On the security module is located on the output side a Verschlüßlungsbaustein and receiver side behind the interface of the franking printer a corresponding Entschlüßlungsbaustein. Encryption can be done according to the RSA method, which is considered secure. The data line between the decoder module and the Register, which directly controls the individual printing elements of the dot matrix printer, of course, must also be secured. The easiest way to do this is that both blocks are cast together or their functions are integrated into an ASIC, the ASIC is physically firmly connected to the print head and only the print head 82 is secured with the associated electronics 81 by a security housing.

An alternative way to secure the line 15 is that additional information cryptified to the conventional franking information is printed on the envelope as a mark or signature. This information is preferably printed as a machine-readable bar code. These printed codes are recorded by special readers installed in post offices or distribution facilities and checked for their authenticity. Even color copies of real franking imprints could be discovered and taken out of circulation in this way. The details of such a method have been described by the applicant in DE 43 44 471 for use in conventional franking machines. In comparison with the o.g. Solution of coded transmission of all information on the line 15, the variant described here has the advantage that the receiver side in the franking printer no effort to decrypt the information must be operated because the now additionally supplied encrypted information is printed encrypted.

The division of processing functions according to the invention was carried out in a way that allows by few measures to achieve a hitherto unachieved level of tamper resistance, although a standard PC is used for the operator guidance. Of course, the applications of the inventive principle are not limited to the described embodiments. For example, it is also in the spirit of the invention to use a workstation instead of a personal computer or another intelligent device with a user interface. Also, the application of the invention is not limited to letter post. Rather, the label printer 82 can also print a label which is glued onto a package. Such prepaid parcel billing would have the same security features as the letter processing.

The franking print head 82 is preferably implemented as a dot matrix printer to provide alternating information, e.g. different customer logos to print. A particularly suitable printing process is the piezo-ink-jet process. Due to its high printing speed, it also allows the efficient processing of large quantities of letters. Such a printhead has been developed by the applicant (FP) and has been described in detail in US 5,592,203. In order to put the printer in the position to be able to print on different envelope thicknesses with the same quality, the applicant has filed an arrangement under the file number DE 196 05 014.6 (not prepublished), which the transport and printer means for a variant of the machine base station describes.

The dialog with the user on the one hand and the security module on the other hand is handled by a program module which is stored in the personal computer and is functional under the respective operating system. Advantageously, these program modules (user programs) are used to operate the system under the WINDOWS operating system for a carrier multiple as a franking system, shipping system or Postgutentwertungssystem.

FIG. 11 illustrates a flow chart for the operation of the mail processing system as a franking system. The user starts the personal computer and loads it with the associated user program in step 100. The user finds the usual user interface with PC keyboard and PC display unit, which already allows the hardware equipment to perform more functions in a comfortable way than this Meter for a franking machine could do. A menu navigation under the WINDOWS operating system first allows the selection of the desired user program before loading. After loading the desired user program is automatically checked in step 100, whether the security means is present, which is assigned to the respective user program or the respective mail carrier. Here, the variants are included, with several security modules must be checked, each associated with a specific mail carrier or where a variety of security modules is distributed to a variety of security means. Another check is done automatically, to query the connection of the associated machine base station. The aforementioned tests include a mutual verification of the authorization of at least some of the components of the system involved. If the existence of one of the queries 101 and 102 is not guaranteed, the user program is terminated (terminator). In addition to the illustrated interrogation steps 101 and 102, further interrogation steps-not shown in FIG. 11-can be performed. Otherwise, after the above-mentioned query, step 103 is branched to activate the user program. A subsequent display and input routine at step 104 displays non-volatile stored entries corresponding to the last setting for display and provides menu-based further inputs corresponding to the desired service or shipping task.

The user program Franking contains an associated step 105 for postage calculation on the basis of entered shipping data and a weight input manually or by scale or contains a subroutine for the indirect calculation of the weight based on entered data. The postage calculation includes in a preferred embodiment, a subroutine for determining the cheapest mail carrier for the corresponding shipping or transport task. Or before the postage calculation is - in a step 105a, not shown, the timeliness of the stored rates of postal carriers checked and possibly restored. The security agent has a routine for automatically checking whether the selected services are up-to-date and otherwise available for communication to a remote data center 12, sending special request data from the modem 11 and receiving the required data from the data center 12 and the required Data are loaded into the memory of the security agent. The modem 11 is connected either directly or indirectly to the security means 6 to make the transmission of the required data at the request of the security means 6. In the last variant, a correspondingly suitable communication connection is switched by the data center TDC to the personal computer 10 via modem 12.

• Initialisierung des Postverarbeitungssystems mit Vorauswahl einer Gruppe an Beförderern, aus welcher der gewünschte Beförderer anschließend selektiert werden kann, wobei während der Initialisierung eine automatische Routine im Personalcomputer abläuft, zur Herstellung einer Übereinstimmung mit aktuellen befördererbezogenen und mit sicherheitsrelevanten Daten, welche in dem mindestens einem Sicherheitsmittel 6 gespeichert sind,
• Verarbeiten von Eingaben betreff gestellter Dienstleistungsanforderungen an den Beförderer, wobei ein mittels des Prozessors 1 automatisch ausgewählter Postbeförderer oder ein mittels Tastatur 9 in Verbindung mit der Anzeigeeinheit 8 des Personalcomputers eingegebener Postbeförderer angezeigt wird und wobei weitere Versandinformationen, wie Versandart, und/oder die Kostenstelle am Personalcomputer mittels Tastatur manuell und/oder mittels Programm automatisch eingeben werden,
• automatische Auswahl derjenigen Beförderer aus vorgenannter Gruppe an Beförderern, welche die gestellten Dienstleistungsanforderungen erfüllen, während des Verarbeitens von Eingaben betreff gestellter Dienstleistungsanforderungen an den Beförderer und
• Errechnung der Portogebühr im Sicherheitsmittel 6 aufgrund des Gewichtes des Postgutes bzw. Briefes und aufgrund aktueller Tarife für selektierte Dienstleistungen, welche in dritten nichtflüchtigen Speicherbereichen der nichtflüchtigen Speicher 68, 69 des Sicherheitsmittels 6 gespeichert vorliegen, wobei zur Aktualisierung der Tarife auf diese dritten nichtflüchtigen Speicherbereiche schreibend und/oder lesend vom Sicherheitsprozessor 77 zugegriffen werden kann sowie
• Durchführung von Vergleichen der Portogebühr zur Kostenoptimierung bei der engeren automatische Auswahl des günstigsten Beförderers vom Personalcomputer.

The method for determining the cheapest carrier in the mail processing system according to the invention then comprises the following steps:

• Initialization of the mail processing system with preselection of a group of carriers from which the desired carrier can subsequently be selected, wherein an automatic routine in the personal computer occurs during initialization to match current carrier-related and security-relevant data stored in the at least one security means 6 are stored,
• Processing input on service requests made to the carrier indicating a mail carrier automatically selected by the processor 1 or a mail carrier entered by means of a keyboard 9 in connection with the display unit 8 of the personal computer, and other shipping information such as shipping method and / or cost center at Enter personal computer by keyboard manually and / or by program,
• automatic selection of carriers of the abovementioned group to carriers fulfilling the service requirements set during the processing of entries concerning service requirements to the carrier; and
• Calculation of the postage due in the security means 6 due to the weight of the mail or current services for selected services stored in third non-volatile storage areas of the non-volatile memory 68, 69 of the security means 6, wherein updating the tariffs on these third non-volatile storage areas writing and / or read from the security processor 77 can be accessed as well
• Carrying out comparisons of the postage fee for cost optimization in the narrower automatic selection of the cheapest carrier from the personal computer.

Details of the processes in the context of such sub-programs have been shown in more detail in the non-prepublished German patent applications 196 17 476.7 and 196 17 557.7. Here, the timeliness of the stored rates of postal carriers is checked and restored if necessary, but without using a security means 6.

After the postage calculation step 105, a retrieval step 106 for determining a reloading requirement of a refunding credit is performed when the residual value R1 is smaller than the calculated postage value. at The presence of such a reloading requirement is applied to a step 107 for establishing a communication via a modem with a data center, for example the FP teleporto data center, for reloading the postal registers with a fan credit by means of a remote value default. The personal computer 10 - shown in Figure 1 - includes a modem 11 connected to the security means 6 via the PC system bus, which establishes the communication link to the remote teleporto data center. Alternatively, however, the modem 11 - in a manner not shown - also be connected via a serial interface with the security means.

After passing through the step 107 for establishing a communication by modem and reloading, the display and input routine is branched back to step 104. Otherwise, step 106 branches to step 108 for billing in the security module, including outputting the register values and the signature to the program, which, according to the settings made in step 104, using a stored data, causes the mail to be printed in step 109. The fixed data, in particular frame data of the stamp image corresponding to the selected mail carrier, and the semi-permeable window data, in particular advertising cliché graphic data, as well as the variable window data regarding postal value in the value stamp, date in the date stamp and the signature together form a security print. The signature is formed in the security means 6 at least from a part of an encrypted checksum and added to the stamp image. It is unique to each piece of mail and thus allows verification of the paid mail which has been franked. Lastly, in the process, query step 110 is reached to determine completion of mail processing (Terminator), or otherwise to branch back to step 104 for display and entry for another postage with changed settings. The printing of the mail in step 109 includes a number of subroutines which run exclusively in the security means 6 and ensure that franking takes place with the billed postage value or contribute to the monitoring and control of the machine base station.

Preferably, a - shown in Figures 7 and 8 - training of the security means SM 6 and the special interface unit 26 in the machine base station 24 is used. The pressure data transmission to the machine base station 24 via a first fast serial interface in the security means 6 via data cable 15.1 and the control of the machine base station 24 via a second serial interface in the security means 6 via data cable 15.3. Preferably, a third serial interface in the security means 6 is provided to control other peripheral devices, such as automatic feeder 28 and dynamic scale 27 left of the machine base station 24. In addition, other data lines are provided for time-critical controls, separate from the serial interface lines. Advantageously, 15 all lines are summarized in the data cable. The lines are each connected to a 50-pin data plug which is plugged into an associated receptacle of a transmission circuit 267 of the machine base station 24.

The generation of further variants is analogous to the second variant shown in Figure 2b for a mail processing system possible by 24 further components in front of or behind the dynamic scale DW 27 are arranged between the automatic feed station 28 and the machine base station. The data is supplied to the machine base station 24 from the individual components via data cables 25 (e.g., 25.1 to 25.3) before data is transferred between the particular high speed interface unit 26 via the high speed channel and the personal computer 10.

Similarly, analogous to the third variant shown in Figure 2c, both the automatic feed station, the dynamic scale DW 27 and the machine base station and the additional component are each equipped with a separate fast interface to the personal computer 10. The at least one high-speed serial interface 61, which includes a data transmission and monitoring unit DÜ, is equipped with a corresponding number of connections for the high-speed channels of the security device SM 6.

By using a plurality of security means 6 and a corresponding number of program data changes, which are introduced via the disk storage 5 or externally, for example from a CD disk drive via the in / out port 4 in the system, the system is advantageous to that of mail carriers to postal carriers adaptable to different mailing conditions.

For example, if a new private mail carrier appearing on the mail carrier's mark is added to the system and taken into account in billing, a security agent 6 may be added or exchanged. The postage calculation will be performed for a particular mail carrier in the security means 6 by the security processor 77 in accordance with a program stored in the program memory EPROM 71 and specifically tailored for the mail carrier. the billing takes place again in terms of hardware by means of the canceling means 66 and the FRAM memories 68, 69.

In another variant, a plurality of such postage calculation programs are stored in the program memory EPROM 71. The postage calculation will be performed for a particular one of the plurality of mail carriers in the security means 6 by the security processor 77 for a corresponding program stored in the program memory EPROM 71 and specifically tailored to the selected mail carrier. A plurality of hardware interrupt units 60 and FRAM memories 68, 69 are also provided. For the hardware accounting, among the plurality of hardware interrupt units 60 and associated FRAM memories 68, 69, there is a certain hardware interrupt circuit selected by the mail carrier's choice. It is envisaged that in the security means 6, a number of hardware abrecheneinheiten 60 are provided with associated non-volatile memory devices 68, 69 corresponding to the number of postal carriers to make a settlement of postage. In the limiting case, at least one security means 6 contains a billing related to a mail carrier, so that an equal number of security means (6) is used for a number of different mail carriers in the personal computer. This security means 6 are connected on the output side via an adapter to the first data cable 15, wherein the adapter einschleift the print data of the respective accounting security means 6 in the high-speed channel. the set in the personal computer 10 user program ensures that only one of the security means 6 can transmit serial print data.

Claims (17)

1. A post processing system having a printing machine basis station (24) controlled via a personal computer (10), wherein said personal computer (10) is equipped with PC components connected via a PC system bus (7) and with at least one security means (6) for performing an accounting function, that the machine basis station includes a print station (82, 242-244) for merely electronic printing in which a print head is connected with a print-head electronic,
   characterized in

   - that service request means (1, 2, 9) for post processing for at least one postal carrier are connected with the PC system bus (7);

   - that the at least one security means (6) is provided with at least one user-specific hardware circuit (66) that carries out at least one accounting related to a postal carrier in respective appertaining non-volatile memory modules (68, 69);

   that the at least one security means (6) contains at least one software-based security module in a security processor (77) or in a program memory (71) and at least one fast interface (61);
   that the security means (6) is connected via a first data cable (15) and via a processing circuit (268) of a special interface unit (26) and/or a print-head electronic (81) in the machine basis station (24) for controlling a postal-item thickness-tolerant print station (82, 242-244); and
   that the security processor (77) of the security means (6) is in a communication connection with a modem (11) and is programmed with a program part that cannot be read out which performs a manipulation-proof credit reloading into the postal registers arranged in the non-volatile memory modules (68, 69).
2. A post processing system according to Claim 1, characterized in that a number of hardware accounting units (60) with related non-volatile memory modules (68,69) corresponding to the number of postal carriers is provided in the security means (6) for performing an accounting of postage values.
3. A post processing system according to one of the above Claims 1 to 2, characterized in that, for a number of different postal carriers, the personal computer contains the same number of security means (6) the output of which is connected via an adapter to the first data cable (15), wherein said adapter is looping the print data of the respective accounting security means (6) into the high-speed channel.
4. A post processing system according to one of the above Claims 1 or 3, characterized in

   - that a print head (82) controlled by the print-head electronic (81) and a transport unit (242 to 244) forms the postal-item thickness-tolerant print station;

   - that there is provided at least one security means (6) per postal carrier and that the security means (6) contains a user-specific hardware circuit (66) that is connected with the PC system bus (7) via a parallel input/output interface (64) and with the printing machine basis station (24) via at least one interface (61, 62, 63) and the first data cable (15), wherein the at least one interface (61) in the user-specific hardware circuit (66) is designed as a special data transfer unit for a quick data transmission between security means (6) and a processing circuit (268) of the special interface unit (26) and/or the print head electronic (81) in the machine basis station (24); and

   - that the user-specific hardware circuit (66) contains means (60, 61) for performing accounting and security functions for at least one selected postal carrier, wherein the hardware circuit (66) is connected with non-volatile memory modules (68, 69) and with a security processor (77) that is programmed with at least one program part that cannot be read out for performing at least one out of a plurality of security functions.
5. A post processing system according to Claim 4, characterized in that the special interface unit (26) in the machine basis station (24) is provided with a high-speed channel and print-pulse generating means (266), that the high-speed channel is connected with the print-head electronic (81) and the print-pulse generating means (266) is connected, on its input side, with an encoding means (80) and, on its output side, with the print-head modules of the print head (82).
6. A post processing system according to Claims 4 to 5, characterized in that the machine basis station (24) forms, together with further individually controllable stations (27, 28), a post processing machine (20), wherein said individually controllable stations (27, 28) are connected with each other via interface by means of data cable (25, 25.1, 25.2).
7. A post processing system according to Claims 4 to 6, characterized in that the individually controllable station (28) is an automatic feeding station for postal items and is connected via interface by means of data cable (25) with the machine basis station (24), wherein the personal computer (10) equipped with the security means (6) controls the machine basis station (24) and the automatic feeding station (28) that is connected on the postal-item input side and automatically positions a letter envelope on the postal-item input of the machine basis station (24).
8. A post processing system according to Claims 4 to 6, characterized in that the individually controllable station (27) is a dynamic balance and is connected via interface by means of data cable (25.2) with the machine basis station (24).
9. A post processing system according to Claims 4 to 6, characterized in that the individually controllable station (27) is a dynamic balance and is connected via interface by means of data cable (25.2) with the machine basis station (24) and via interface by means of a separate data cable (15.2) with the personal computer (10) equipped with the security means (6).
10. A post processing system according to Claims 4 to 6, characterized in that the automatic feeding station (28) is connected via data cable (25.1) with the dynamic balance (27) and the dynamic balance (27) is connected via interface by means of data cable (25.2) with the machine basis station (24) and that the machine basis station (24) is connected via interface by means of a separate data cable (15.1 and 15.3) with the personal computer (10) equipped with the security means (6).
11. A post processing system according to one of the above Claims 4 to 10, characterized in that the separate data cables (15.1 to 15.3) are combined in one cable (15) that is connected via plug/jack with the special interface unit 26 in the machine basis station (24).
12. A post processing system according to one of the above Claims 4 to 11, characterized in that the means (60, 61) of the user-specific hardware circuit (66) include a hardware accounting unit (60) for performing an accounting function and the at least one fast interface (61) for performing a security function in the security means (6) in connection with a program module of the security processor (77), wherein the at least one fast interface (61) is designed as a serial interface and equipped with a monitoring circuit and with couplers for galvanic isolation, wherein the monitoring circuit interacts with the print-head electronic (81) of the special interface unit (26) or a processing circuit (268) of the special interface unit (26).
13. A post processing system according to one of the above Claims 4 to 12, characterized i n that the user-specific hardware circuit (66) of the security means (6) is equipped with a medium-fast serial interface (62) that includes a sensor/actuator control with optocouplers for controlling the machine basis station (24) together with further individually controllable stations (27, 28) of the post processing machine (20) via the processing unit (268) of the special interface unit (26).
14. A post processing system according to one of the above Claims 4 to 12, characterized in that the user-specific hardware circuit (66) of the security means (6) is equipped with a medium-fast serial interface (62) and a slow serial interface (63), wherein the medium-fast serial interface (62) includes a sensor/actuator control and optocouplers in order to control the machine basis station (24) via the processing circuit (268) of the special interface unit (26), and wherein the slow serial interface (63) includes a UART circuit and optocouplers in order to control the further individually controllable stations (27, 28) of the post processing machine (20) via a transmission circuit (267) of the special interface unit (26).
15. A post processing system according to one of the above Claims 4 to 14, characterized in that the transmission circuit (267) of the special interface unit (26) includes a related jack for the data plug of the first data cable (15) and a level converter that performs, in the machine basis station (24), a conversion of TTL signals for a V24 interface that is connected to a V24 jack (265).
16. A post processing system according to Claim 4, characterized in that the security processor (77) is connected with a modem (11) via the parallel input/output interface of the security means (6) and the PC system bus (7) and that the security processor (77) is programmed with a program part that cannot be read out which performs a manipulation-proof credit reloading into the postal registers provided in the non-volatile memory modules (68, 69).
17. A post processing system according to Claim 4, characterized in that the security processor (77) is connected with a modem (11) via the at least one serial interface (61, 62 or 63) of the security means (6) and that the security processor (77) is programmed with a program part that cannot be read out which performs a manipulation-proof credit reloading into the postal registers provided in the non-volatile memory modules (68, 69).

Images