EP0958674B1 - Vorrichtung zur gesicherten Kryptographischen Datenverarbeitung und zum Schutz von Speicherermitteln für Frankiermaschinen - Google Patents
Vorrichtung zur gesicherten Kryptographischen Datenverarbeitung und zum Schutz von Speicherermitteln für Frankiermaschinen Download PDFInfo
- Publication number
- EP0958674B1 EP0958674B1 EP97947255A EP97947255A EP0958674B1 EP 0958674 B1 EP0958674 B1 EP 0958674B1 EP 97947255 A EP97947255 A EP 97947255A EP 97947255 A EP97947255 A EP 97947255A EP 0958674 B1 EP0958674 B1 EP 0958674B1
- Authority
- EP
- European Patent Office
- Prior art keywords
- security device
- postal
- postal security
- memory
- psd
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
Images
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00016—Relations between apparatus, e.g. franking machine at customer or apparatus at post office, in a franking system
- G07B17/0008—Communication details outside or between apparatus
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00016—Relations between apparatus, e.g. franking machine at customer or apparatus at post office, in a franking system
- G07B17/0008—Communication details outside or between apparatus
- G07B2017/00153—Communication details outside or between apparatus for sending information
- G07B2017/00177—Communication details outside or between apparatus for sending information from a portable device, e.g. a card or a PCMCIA
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00185—Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
- G07B17/00193—Constructional details of apparatus in a franking system
- G07B2017/00258—Electronic hardware aspects, e.g. type of circuits used
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00185—Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
- G07B17/00314—Communication within apparatus, personal computer [PC] system, or server, e.g. between printhead and central unit in a franking machine
- G07B2017/00322—Communication between components/modules/parts, e.g. printer, printhead, keyboard, conveyor or central unit
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00185—Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
- G07B17/00362—Calculation or computing within apparatus, e.g. calculation of postage value
- G07B2017/00395—Memory organization
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00959—Cryptographic modules, e.g. a PC encryption board
- G07B2017/00967—PSD [Postal Security Device] as defined by the USPS [US Postal Service]
Definitions
- This invention is directed to a system for protecting cryptographic processing and memory resources for postal franking machines.
- a postal customer may obtain postage from the postal authority in several ways, including the purchase of stamps and the use of a postage meter.
- a postage meter When a postage meter is used, there is a security concern since the meter is dispensing value, and without sufficient security, the value could be stolen from a meter by unscrupulous parties.
- Concerns include use of the meter to dispense postage for which the Postal Authority has not been compensated and use of the meter which was not authorized by the lawful operator of the meter.
- WO 93/06542 shows a system designed to protect the privacy or integrity of encrypted data in a tamper-proof housing of a plug-in card.
- the plug-in card is insertable into one of the expansion bus connections which are situated on the motherboard of a computer.
- the circuits and information carriers inside the tamper-proof housing can only be accessed as long as a number of electronic and program conditions are met.
- One of these conditions is, that protection means in the card are addressed at regular intervals, e.g. every 55 milliseconds. If this is not done, the card is blocked.
- the external programs and processes must operate in a manner perfectly synchronised with the internal operation of the plug-in card.
- an ASIC embodiment of a PSD is shown generally at 5 and includes zeroing circuitry 10, read-only-memory 12, random-access-memory 14, switching/control logic 16, a control cryptographic processor 18, non-volatile memory 20, crypto key retention 22, signature algorithm execution 24, random number generator 26, real time clock 28, interrupt control and porting 30, clock circuit 36, secure hash acceleration circuit 44, secure memory management unit 54, and host interface 44 all within a cryptographic boundary 34.
- the Random Number Generator 26 within this block provides a source for non-predictable random numbers typically required in systems employing cryptographic technology.
- the clock circuit 28 is an on-chip realtime clock for secure time keeping.
- a battery 32 for retaining memory contents in the absence of main power to the ASIC, and one or more crystals 37 which provide clock reference timing for the various subcircuits within the ASIC.
- a PSD contains working memory, storage memory, and firmware necessary to execute cryptographic algorithms, within its cryptographic boundary, including, but not limited to DES and RSA encryption, as well as digital signature creation and validation. Information that must be retained, as Master Key, Public Key, Private Key, and the like are secured within a non-volatile memory or battery backed up memory of the PSD.
- the battery and crystals are outside the cryptographic boundary of the ASIC in this embodiment, these components can be also integrated into the same package as the ASIC silicon die.
- the ASIC provides physical security to the data stored thereon as the circuits are inaccessible without destroying circuit operation.
- the secure data stored on an ASIC includes data encryption keys which cannot be extracted or modified without destroying PSD operation.
- the encryption engine 24 includes the capability of receiving data, processing the received data by performing encryption or decryption operations.
- the individual components of the ASIC may also be integrated within a PCMCIA Card, or preferably the custom integrated circuit (ASIC) is further integrated and embodied as a PCMCIA Card.
- the PCMCIA Card provides additional physical security through its housing for the processing unit for the storage and accounting of all funds, audit and secure support data required to produce and validate the addition and removal of postage value.
- one of the preferred embodiments encloses the ASIC or it components in a PCMCIA card. More generally, the invention contemplates enclosing the ASIC or its components in any package having a relatively small form factor. For example, any form factor that is more or less pocket-sized or that is more or less capable of being mailed in an envelope will be convenient.
- Such a package must necessarily have a communications port capable to interfacing with the postal franking device and a host, discussed below, preferably a parallel data and address bus such as is employed in a PCMCIA card.
- the port could be a serial bus such as a high-speed universal serial bus.
- an infrared (LED-phototransistor) link may be used.
- Said secure processing unit contains working memory, storage memory, and firmware necessary to execute cryptographic algorithms, within a cryptographic boundary, including but not limited to DES and RSA, as well as digital signature creation and validation. Information which must be retained, such as Master Keys, Public Keys, Private Keys, and the like are secured within a non-volatile memory or battery backed up memory.
- the security of the PSD implemented in a PCMCIA Card is a combination of data integrity, authentication, non-repudiation, and confidentiality.
- Data integrity is realized through the use of cryptographic checksums (one-way hashes) over the data. This function produces a small value that uniquely represents the data, such that if any single bit is altered the hash value changes significantly.
- the digital signature is obtained by performing a cryptographic operation on the resultant hash of the data. Authentication is realized by the fact that the receiving party can verify the digital signature on a transmission and be assured the transmission was originated by a trusted source and not other fraudulent parties.
- Non-repudiation is achieved by the fact that the originator of the message cannot deny the message contents as it is possible to generate the verifiable digital signature only with the originator's unique private key. Confidentiality is the use of encryption to protect the data from unauthorized disclosure.
- the PSD cannot operate as a standalone device and requires a host system to perform its functions.
- the PSD typically communicates directly with a host system to carry out its primary objective of indicia creation. Additionally, through the host system a user can access the PSD to review the ascending and descending register values, piece count, watchdog timeout date, and refill history logs; activate PSD diagnostics; and with proper supervisor authorization, set up and delete PINs for individual users.
- the PSD may also provide the user with certain operational error messages such as a low-postage warning and watchdog timeout condition through the host user interface.
- the host system may also maintain certain log files; these log files are required to be signed by the PSD with its private key. The host system will transfer the data to sign to the PSD and the PSD will return a digital signature and a certificate (which contains the public key which is unique to the PSD) that can be used later to verify the digital signature.
- the PSD supports input and output functions with appropriate interfacing devices compatible with the PSD physical, link layer, and application protocols. Due to the secure nature of the PSD, the device does not provide user accessible diagnostic features. Rather, the PSD has an extensive built-in self test suite which is run upon power up. The tests preferably include the normal code memory verification tests, RAM tests, verification of accounting register and data log integrity, and execution of sample cryptographic calculations with known results to verify full functionality of the PSD. Upon successful completion of these tests, the PSD will be enabled to dispense postage funds. If any of the tests fail, the PSD will output its current ascending register and descending values. The host may also obtain the same information via a device audit request message.
- the PSD Upon the receipt and verification of a Host infrastructure-generated device audit message, preferably the PSD will reset its internal watchdog timer to accommodate control and transaction date information.
- the PSD of the present invention need not be physically located with the postal franking device; it only need be in communication with the postal franking device.
- it may be located on the host or a computer network.
- the PSD including a PCMCIA Card
- the PSD may be connected to the franking device for operation and then disconnected and connected to the host for creation of the log files, etc., through a standard PCMCIA slot.
- a block diagram of the embodiment of the PCMCIA Card PSD of the present invention interfacing with a host controller including host controller 64, timeout circuit 66, memory arbiter 68, controller 70, and memory 72. It is envisioned that a number of forms of attack can be executed against the PCMCIA Card PSD wherein an attacker attempts to obtain additional data from the PSD, or otherwise compromise its integrity, by holding the bus for an excessive period of time.
- Timeout circuit 66 operates to limit the amount of time host controller 64 may have to complete a bus transaction, and will terminate a host-initiated bus transaction if the transaction exceeds a predetermined time limit.
- host 64 When host 64 wishes to access the PSD implemented in a PCMCIA Card, it waits until read signal 74 is asserted and then asserts select signal 76. This signal is input to timeout circuit 66, which initiates a predetermined timeout interval. Host controller 64 then initiates a read or write cycle by asserting the appropriate read and write signals and setting up the address and data busses accordingly.
- Timeout circuit 66 provides a separate select signal 78 to memory arbiter 68, which is effectively a dual port memory controller containing logic which defines conditions under which controller 70 and host controller 64 have access to memory 72.
- arbiter 68 asserts a hold signal 80 to controller 70, which tells controller 70 to temporarily hold off any further accesses of memory 72. Under these circumstances, controller 70 is typically idle unless it is performing an internal operation not requiring an external memory access.
- -Arbiter 68 allows read and write signals 82 and 84, as well as address and data busses 86 and 88, to pass onto memory 72.
- host controller 64 deasserts select signal 74 to timeout circuit 66 to indicate the normal end of the bus transfer.
- Timeout circuit 66 likewise deasserts select signal 78 to arbiter 68, which removes host controller's signal levels on the read, write, address and data busses (82, 84, and 86) to memory 72 and signals the controller 70 that it can access memory 72 by deasserting hold signal 80.
- timeout circuit 66 deasserts ready signal 74 to the host controller and select signal 78 to arbiter 68. This causes arbiter 68 to remove host controller's 64 read (84), write (82) address (88) and data (86) signals from memory 72. Hold signal 80 to controller 70 is released to controller 70 can again access memory 72.
- timeout circuit 66 could also signal controller 70 that the fault occurred by asserting interrupt signal 90 to that device.
- Logic in the controller 70's software could be invoked to categorize the problem as a random fault or an attempt to compromise the PSD. If controller 70 determines tampering has been attempted, the controller would refuse further host controller 64 accesses and force the customer to report the situation to the manufacturer, for example, remotely through a telephone call or other network communication or by returning the device.
- a preferred embodiment of the PSD implemented on a PCMCIA Card would restrict the area in memory 72 that host controller 64 can access. For example, access can be limited to no access, read-only, write-only, read-write, etc., and the address range in memory 72 can be restricted to a subset available to controller 70. In this manner, controller 70 can hide certain information, such as its most critical security parameters, from both observation or overwriting.
- Host interface 42 incorporates timeout circuit 66, PCMCIA memory arbiter 68, and PSD controller 70. Controller 70 corresponds to crypto processor 18 in figure 1. Timeout circuit 66 and arbiter 68 would thus preferably be incorporated into the PSD ASIC but may be added as discrete circuits on the PCMCIA card.
- the PSD of the present invention may be used with existing public/private key cryptographical techniques known in the art. See, for example, U.S. Patent Nos. 5,237,506, 5,606,507 and 5, 666, 284.
- the speed with which such encryption is performed may be increased by the use within the PSD of a Secure Memory Management Unit 96 (SMMU).
- SMMU Secure Memory Management Unit 96
- this is obtained from Atalla Corp., of San Jose, California, which is a Tandem Company, and VLSI Technology, of San Jose, California.
- Memory 98 external to the PSD contains encrypted code.
- SMMU 96 obtains the encrypted code 100 in portions to be processed by encryption engine 104, is such a manner that it acts as a feed for encryption engine 104.
- the encryption engine 104 utilizes the appropriate decryption key provided to it by the SMMU 96.
- This decryption key is securely stored in the PSD ASIC and is never output and so is never known to a potential attacker.
- the decrypted output from encryption engine 104 is then placed into RAM 106 (also 14 in Fig. 1).
- Fig. 3 shows the output of RAM 106 going to processor 108 (also 18 in Fig. 1).
- Fig. 3 depicts secure high speed instruction cache operation.
- the overall benefit of the SMMU is realized by the fact that a would-be attacker cannot substitute software instructions into the code to alter the intended functionality and that could give the attacker access to the master, private, or public keys held within the PSD ASIC.
Claims (8)
- Postalische Sicherheitsvorrichtung in Form eines anwendungsspezifischen integrierten Schaltkreises (5) zum Schutz kryptografischer Datenverarbeitungs- und Speicherressourcen (72) für Frankiermaschinen, wobei der anwendungsspezifische integrierte Schaltkreis (5) umfasst:a) einen Kommunikations-Bus (82, 84, 86) zur Kommunikation zwischen den kryptografischen Datenverarbeitungs- und Speicherressourcen (72) und einem Host-Kontroller (64);
dadurch gekennzeichnet, dass der anwendungsspezifische integrierte Schaltkreis (5) ferner umfasstb) einen Zeitüberwachungsschaltkreis (66), der ausgelegt ist, um die Zeitdauer zu überwachen, die der Host-Kontroller benötigt, um eine Bus-Transaktion abzuschliessen;c) der Zeitüberwachungsschaltkreis (66) ferner ausgelegt ist, um die überwachte Zeitdauer mit einer vorbestimmten Referenzzeit zu vergleichen;d) eine Einrichtung, um abzulehnen, einen Abschluss der Bus-Transaktion zuzulassen, wenn die überwachte Zeitdauer die vorbestimmte Referenzzeit überschreitet. - Postalische Sicherheitsvorrichtung nach Anspruch 1, mit einer Einrichtung, um eine Reihe von Selbsttests auszuführen, um eine vollständige Funktionalität der postalischen Sicherheitsvorrichtung zu verifizieren.
- Postalische Sicherheitsvorrichtung nach einem der vorherigen Ansprüche, bei der der anwendungsspezifische integrierte Schaltkreis (5) in einer PCMCIA-Karte ausgeführt ist.
- Postalische Sicherheitsvorrichtung nach einem der vorherigen Ansprüche, mit einem sicheren Datenspeicher, der nicht ausgelesen oder modifiziert werden kann, ohne einen Betrieb der postalischen Sicherheitsvorrichtung zu zerstören, und ferner mit einem Datenspeicher, der von einem Benutzer gelesen und/oder modifiziert werden kann.
- Postalische Sicherheitsvorrichtung nach einem der vorherigen Ansprüche, mit einer Einrichtung (24) zum Ausführen eines Signatur-Algorithmus, um eine Prüfsummenwiedergabe von erzeugten Daten zu erzeugen, um eine eindeutige digitale Signatur bereitzustellen, die verifiziert werden kann.
- Verfahren zum Schützen kryptografischer Datenverarbeitungs- und Speicherressourcen (72) für Frankiermaschinen, die in einer postalischen Sicherheitsvorrichtung in Form einer anwendungsspezifischen integrierten Schaltkreis-(5)-Karte angeordnet sind,
dadurch gekennzeichnet, dass das Verfahren die Schritte umfasst:a) Überwachen mittels eines Zeitüberwachungsschaltkreis (66) der Zeitdauer, die ein Host-Kontroller benötigt, um eine Bus-Transaktion über einen Kommunikations-Bus (82, 84, 86) zur Kommunikation zwischen den kryptografischen Datenverarbeitungs- und Speicherressourcen (72) und einem Host-Kontroller (64) abzuschließen;b) Vergleichen mittels des Zeitüberwachungsschaltkreises (66) der überwachten Zeitdauer mit einer vorbestimmten Referenzzeit;d) Ablehnen, einen Abschluss der Bus-Transaktion zuzulassen, wenn die überwachte Zeitdauer die vorbestimmte Referenzzeit überschreitet. - Verfahren nach Anspruch 6, umfassend, eine Reihe von Selbsttests auszuführen, um eine vollständige Funktionalität der postalischen Sicherheitsvorrichtung zu verifizieren.
- Verfahren nach Anspruch 6 oder Anspruch 7, umfassend, mittels einer Einrichtung (24) zum Ausführen eines Signatur-Algorithmus eine Prüfsummenwiedergabe von erzeugten Daten zu erzeugen, um eine eindeutige digitale Signatur bereitzustellen, die verifiziert werden kann.
Applications Claiming Priority (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US3053796P | 1996-11-07 | 1996-11-07 | |
US30537P | 1996-11-07 | ||
US5004397P | 1997-06-18 | 1997-06-18 | |
US50043P | 1997-06-18 | ||
US5410597P | 1997-07-29 | 1997-07-29 | |
US54105P | 1997-07-29 | ||
PCT/US1997/015856 WO1998020461A2 (en) | 1996-11-07 | 1997-11-07 | System for protecting cryptographic processing and memory resources for postal franking machines |
Publications (3)
Publication Number | Publication Date |
---|---|
EP0958674A2 EP0958674A2 (de) | 1999-11-24 |
EP0958674A4 EP0958674A4 (de) | 2004-07-07 |
EP0958674B1 true EP0958674B1 (de) | 2006-06-28 |
Family
ID=27363669
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP97947255A Expired - Lifetime EP0958674B1 (de) | 1996-11-07 | 1997-11-07 | Vorrichtung zur gesicherten Kryptographischen Datenverarbeitung und zum Schutz von Speicherermitteln für Frankiermaschinen |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP0958674B1 (de) |
CA (1) | CA2271097A1 (de) |
DE (1) | DE69736246T2 (de) |
WO (1) | WO1998020461A2 (de) |
Families Citing this family (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5822738A (en) | 1995-11-22 | 1998-10-13 | F.M.E. Corporation | Method and apparatus for a modular postage accounting system |
US6424954B1 (en) | 1998-02-17 | 2002-07-23 | Neopost Inc. | Postage metering system |
US6269350B1 (en) | 1998-07-24 | 2001-07-31 | Neopost Inc. | Method and apparatus for placing automated service calls for postage meter and base |
US7028014B1 (en) * | 1998-03-18 | 2006-04-11 | Ascom Hasler Mailing Systems | Tamper resistant postal security device with long battery life |
DE19812903A1 (de) * | 1998-03-18 | 1999-09-23 | Francotyp Postalia Gmbh | Frankiereinrichtung und ein Verfahren zur Erzeugung gültiger Daten für Frankierabdrucke |
US6591251B1 (en) | 1998-07-22 | 2003-07-08 | Neopost Inc. | Method, apparatus, and code for maintaining secure postage data |
US6523013B2 (en) | 1998-07-24 | 2003-02-18 | Neopost, Inc. | Method and apparatus for performing automated fraud reporting |
US6594760B1 (en) | 1998-12-21 | 2003-07-15 | Pitney Bowes Inc. | System and method for suppressing conducted emissions by a cryptographic device |
US6381589B1 (en) | 1999-02-16 | 2002-04-30 | Neopost Inc. | Method and apparatus for performing secure processing of postal data |
DE19912781A1 (de) | 1999-03-12 | 2000-11-23 | Francotyp Postalia Gmbh | Verfahren zum Schutz eines Sicherheitsmoduls und Anordnung zur Durchführung des Verfahrens |
DE50015220D1 (de) | 1999-03-12 | 2008-08-07 | Francotyp Postalia Gmbh | Anordnung zum Schutz eines Sicherheitsmoduls |
DE29905219U1 (de) * | 1999-03-12 | 1999-06-17 | Francotyp Postalia Gmbh | Sicherheitsmodul mit Statussignalisierung |
DE19912780A1 (de) * | 1999-03-12 | 2000-09-14 | Francotyp Postalia Gmbh | Anordnung für ein Sicherheitsmodul |
AU1475901A (en) | 1999-11-10 | 2001-06-06 | Neopost, Inc. | System and method of printing labels |
US6766455B1 (en) | 1999-12-09 | 2004-07-20 | Pitney Bowes Inc. | System and method for preventing differential power analysis attacks (DPA) on a cryptographic device |
GB2363868B (en) * | 2000-06-19 | 2004-12-01 | Pitney Bowes Ltd | Secure data storage on open systems |
US7085725B1 (en) | 2000-07-07 | 2006-08-01 | Neopost Inc. | Methods of distributing postage label sheets with security features |
DE10056989A1 (de) * | 2000-11-17 | 2002-05-23 | Secware Technologies Ag | Verschlüsselungssystem |
EP1386249A4 (de) * | 2001-02-23 | 2008-12-31 | Ascom Hasler Mailing Sys Inc | Wechselbarer datenträger |
US6865637B1 (en) * | 2001-06-26 | 2005-03-08 | Alcatel | Memory card and system for updating distributed memory |
DE10137505B4 (de) * | 2001-07-16 | 2005-06-23 | Francotyp-Postalia Ag & Co. Kg | Anordnung und Verfahren zum Ändern der Funktionalität eines Sicherheitsmoduls |
US7069253B2 (en) | 2002-09-26 | 2006-06-27 | Neopost Inc. | Techniques for tracking mailpieces and accounting for postage payment |
US20040103067A1 (en) * | 2002-11-26 | 2004-05-27 | Mattern James M. | Metering funds debit and credit for multi use |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4743747A (en) * | 1985-08-06 | 1988-05-10 | Pitney Bowes Inc. | Postage and mailing information applying system |
US4814591A (en) * | 1987-04-13 | 1989-03-21 | Kabushiki Kaisha Toshiba | Portable medium |
GB8804689D0 (en) * | 1988-02-29 | 1988-03-30 | Alcatel Business Systems | Franking system |
JPH04213242A (ja) * | 1990-12-07 | 1992-08-04 | Hitachi Ltd | 限定同報通信システム |
CA2071577A1 (en) * | 1991-06-21 | 1992-12-22 | Gerald L. Dawson | Electronic combination lock with high security features |
NL9101594A (nl) * | 1991-09-20 | 1993-04-16 | Tres Automatisering B V | Computer-systeem met beveiliging. |
JP2731310B2 (ja) * | 1992-01-07 | 1998-03-25 | 株式会社テック | 商品売上登録装置 |
US5389738A (en) * | 1992-05-04 | 1995-02-14 | Motorola, Inc. | Tamperproof arrangement for an integrated circuit device |
FR2706655B1 (fr) * | 1993-06-17 | 1995-08-25 | Gemplus Card Int | Procédé de contrôle d'une imprimante pour obtenir des affranchissements postaux. |
IL110891A (en) * | 1993-09-14 | 1999-03-12 | Spyrus | System and method for controlling access to data |
US5448641A (en) * | 1993-10-08 | 1995-09-05 | Pitney Bowes Inc. | Postal rating system with verifiable integrity |
US5535279A (en) * | 1994-12-15 | 1996-07-09 | Pitney Bowes Inc. | Postage accounting system including means for transmitting a bit-mapped image of variable information for driving an external printer |
US5682427A (en) * | 1994-12-15 | 1997-10-28 | Pitney Bowes Inc. | Postage metering system with dedicated and non-dedicated postage printing means |
US5602921A (en) * | 1994-12-15 | 1997-02-11 | Pitney Bowes Inc. | Postage accounting system including means for transmitting ASCII encoded variable information for driving an external printer |
US5590198A (en) * | 1995-12-19 | 1996-12-31 | Pitney Bowes Inc. | Open metering system with super password vault access |
-
1997
- 1997-11-07 WO PCT/US1997/015856 patent/WO1998020461A2/en active Search and Examination
- 1997-11-07 DE DE69736246T patent/DE69736246T2/de not_active Expired - Lifetime
- 1997-11-07 EP EP97947255A patent/EP0958674B1/de not_active Expired - Lifetime
- 1997-11-07 CA CA002271097A patent/CA2271097A1/en not_active Abandoned
Also Published As
Publication number | Publication date |
---|---|
EP0958674A2 (de) | 1999-11-24 |
DE69736246D1 (de) | 2006-08-10 |
WO1998020461A2 (en) | 1998-05-14 |
CA2271097A1 (en) | 1998-05-14 |
WO1998020461A3 (en) | 1998-10-08 |
DE69736246T2 (de) | 2007-05-16 |
EP0958674A4 (de) | 2004-07-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP0958674B1 (de) | Vorrichtung zur gesicherten Kryptographischen Datenverarbeitung und zum Schutz von Speicherermitteln für Frankiermaschinen | |
JP4566312B2 (ja) | 暗号化デバイスによりエミッションを抑制するシステムと方法 | |
Yee | Using secure coprocessors | |
US5533123A (en) | Programmable distributed personal security | |
US7082539B1 (en) | Information processing apparatus | |
EP1224627B1 (de) | Sicherheitssystem zum sicheren Drucken von Wertträgern | |
US6724894B1 (en) | Cryptographic device having reduced vulnerability to side-channel attack and method of operating same | |
US6766455B1 (en) | System and method for preventing differential power analysis attacks (DPA) on a cryptographic device | |
CA2263071C (en) | Postage printing system including prevention of tampering with print data sent from a postage meter to a printer | |
US6041317A (en) | Postal security device incorporating periodic and automatic self implementation of public/private key pair | |
JPH08273011A (ja) | デジタルプリンタへの計測勘定値を識別する方法 | |
KR20130132893A (ko) | 중요 데이터를 취급하기 위한 장치 및 방법 | |
US6986053B1 (en) | System for protecting cryptographic processing and memory resources for postal franking machines | |
US7028014B1 (en) | Tamper resistant postal security device with long battery life | |
CA2558529A1 (en) | Method of securing postage data records in a postage printing device | |
CA2327943C (en) | System and method for suppressing conducted emissions by a cryptographic device comprising an integrated circuit | |
DATE | SHEET 1 OF 27 SHEETS EN | |
JPH11328463A (ja) | プリンタ―のエラ―を安全に報告する郵便証印印刷システム | |
Steinmetz | SHEET 1 OF 23 SHEETS EN | |
Compliant Meter et al. | Pitney Bowes | |
EP1064622A1 (de) | Betrugssichere frankiermaschinenvorrichtung mit langer nutzungsdauer der batterie | |
NO | SHEET 1 OF 25 SHEETS EN NO. CO10930 | |
NO | SHEET 1 OF 46 SHEETS EN | |
Baum | Security Policy FrankIT Postal Revenector | |
Cryptographic | SHEET 1 OF 13 SHEETS EN |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 19990810 |
|
AK | Designated contracting states |
Kind code of ref document: A2 Designated state(s): CH DE FR GB LI |
|
A4 | Supplementary search report drawn up and despatched |
Effective date: 20040526 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: 7G 07B 17/00 B Ipc: 7G 06F 1/00 B Ipc: 7H 04L 9/00 A |
|
17Q | First examination report despatched |
Effective date: 20050413 |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
RTI1 | Title (correction) |
Free format text: SYSTEM FOR PROTECTING CRYPTOGRAPHIC PROCESSING AND MEMORY RESOURCES FOR POSTAL FRANKING MACHINES |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): CH DE FR GB LI |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20060628 Ref country code: CH Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20060628 |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP |
|
REF | Corresponds to: |
Ref document number: 69736246 Country of ref document: DE Date of ref document: 20060810 Kind code of ref document: P |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
ET | Fr: translation filed | ||
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
26N | No opposition filed |
Effective date: 20070329 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: DE Payment date: 20101119 Year of fee payment: 14 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R119 Ref document number: 69736246 Country of ref document: DE Effective date: 20120601 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: DE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20120601 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: FR Payment date: 20131120 Year of fee payment: 17 Ref country code: GB Payment date: 20131120 Year of fee payment: 17 |
|
GBPC | Gb: european patent ceased through non-payment of renewal fee |
Effective date: 20141107 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: ST Effective date: 20150731 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: GB Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20141107 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20141201 |