EP2058769A1 - Franking method and post sending system with central postage levying - Google Patents

Abstract

The method involves carrying and supplying postal items to a letter sorting center (7) of a post office carrier after stamping, and scanning and testing stamping images at the post office carrier. An integrity-check code is cryptographically verified, and a comparison integrity checkcode is formed for comparison with imprinted integrity checkcode. A tariff rate is measured for central accounting, and the postal item that is temporarily isolated from the central accounting is provided to a sender. An error is handled during testing of the images. An independent claim is also included for a mail transport system comprising a central postage collection.

Description

The invention relates to a franking method and mailing system with central postage collection. The mailing system includes a data center of a mail carrier, an operator data center, and at least one meter. The mail carrier transports the mail pieces franked by the franking machine to the mail center. The purpose of the invention is to provide a secure mailing system with simple franking devices.
So far, there was no simple solution that requires the sender either a personal computer (PC) with printer or a special very easy-to-use franking device, but requires neither an online connection for each franking nor a security module. Such an offline solution without a security module becomes possible if the postal carriers carry out the postage determination and billing as part of their service provision. That is, while the mailpieces are being read in the mail center's mail center and the destination address is being determined, appropriate software will collect the required postage for the mailpiece. It transfers a sender and postage amount record to the customer account management of the mail carrier, which posts it to a sender's customer account. Billing with the customer (sender) can be done at a decoupled time from the booking.

We call this "centralized postage collection" method, because the postage required is collected centrally at the mail carrier's mail centers and not, as in the case of traditional "decentralized postage," by the senders before being sent to post offices or mailboxes.

It was from the DE 38 40 041 A1 an arrangement for franking mail, known with a franking device, whose value printing is debited by a computer of a central clearing house, with a memory whose content is increased in each franking process and the content of which can be read by the user of the franking device. The calculator is connected to a postal account verification of billing the value pressure with a Giro calculator of the postal authority, which leads a Postgiro account of the owner of the franking device. The Giro calculator releases each individual value pressure after checking the cover and debiting.
That is, before the mail items are conveyed to the mail center of the mail carrier and read there, and the destination address is determined, the required postage for the mail item is determined and paid. In this mailing system with central postage collection no subsequent payment of the service is provided.
In order to achieve the greatest possible security with regard to the collection of postage for both the mail carrier and the user, the content of the memory designed as a piece and total memory is only readable by the user and by the computer of the clearing office and is the connection of the computer of the clearing office with the Franking device designed as permanently in service leased line (TEMEX).

For small SOHOs (Small Office Home Office), there are still no truly appropriate electronic franking solutions available on the market.
There are online solutions that require a PC with printer at the sender and establish a data connection to the postage provider for every franking.

Furthermore, there are offline solutions that require special franking devices with security module in which prepaid postage values are managed tamper-proof ( Gerrit Bleumer: Electronic Postage Systems; Springer-Verlag, New York, 2007, Chapter 4.1 Basic Cryptographic Mechanisms, page 91 ).

In the postal markets worldwide, it is still widespread today, the postage fees locally at the entrance of the postal transport channel to collect, for example, by stamp sale or acceptance of DV-franked shipments in post offices and postal agencies, by franking machines or franking service stations. For the sender, postage fees are due if the corresponding postage stamps are ordered or delivered, for example in the form of stamps, computer printing and delivery lists, franking imprints on franking machines and PC franking solutions and franking service, etc.
As postal carriers proceed to fully automatically record the processed mail for the purposes of address recognition and additional services such as shipment tracking, it is also possible to collect the postage due postage processing at the mail center. With this billing model, customers do not have to pay postage in advance, but at the end of the month, for example, they receive an invoice for their transported shipments. If required, individual transport proofs can be ordered, similar to what is usual today for telecommunications bills.
In the case of franking machines, this billing model means that no credit reloading is required, but that the franking machine serves only to detect the desired postal product and to calculate and apply a corresponding franking imprint.
We call this billing model "central postage collection" in contrast to the usual "decentralized postage collection". Central postage collection leads to a delayed payment request to the sender. Nevertheless, the term "postpay" or "pay later" would not be characteristic, because even with conventional decentralized postage collection, for example, by direct debit or credit card payment the effective debit of the customer account is de facto later than the postal service is provided.

From the US 7,110,576 B2 For example, a system and method for authenticating a mail sender that signs a mailing is known. A handwritten signature represents a sender's biometric identity that the sender applies to a mailing by making a handwritten signature using a digitizer pen. A mail carrier then scans the signature and has a central remote service check that the read signature is valid. In the remote service and the digitizer was originally registered by means of signature sample. In a special form, the digitizer pin writes information to a Radio Frequency Identity Device (RFID) with the RFID tag attached to the mailing device. As a result of reviewing the biometric feature for sufficient similarity of a biometric reference feature provided by the claimed sender, the mail carrier receives a response and applies the result on the mailpiece if it is positive. Disadvantageously, a biometric sender identifier does not allow a unique device identifier. There is no integrity check sum provided via the sender ID. In addition, it would be costly to ensure that in the mailing special technical features such as an RFID tag are available.

From the US Pat. No. 6,801,833 B2 a system for the identification of mail by means of RFID is known. The mailpieces are bundled in stacks, which in turn are grouped in containers that are themselves transported in vans. Each container is equipped with its own RFID tag, which lists all contained containers or postal items, so that at defined points of the Posttransportweges each container and each piece of mail can be automatically detected and tracked by a central computer. The RFID tag can carry the following information features: addressee, sender, shipment ID, integrity checksum of a shipment ID, shipment value or encrypted broadcast value. As a result, mailpieces are marked with unique sender IDs, but in a different form and with features other than those of the present invention. The sender can deliver a larger amount of mail by simultaneously providing a mailing manifest. In the case of manifest mailing systems, not the sender but the posting post office determines the required postage amount based on the posting list. On the individual mail items, therefore, only one feature must be attached, which establishes a reference to the associated posting list (permit imprint). Unusually, an RFID tag is provided for this purpose. A sender ID is only provided in the form of an RFID information feature. A mailing ID uniquely identifies the mail piece, whereby the mailing ID can consist of the following parts: sender account number, date, tray ID, piece ID in mailtray, e-mail address of the sender, shipment value, shipment category and mail carrier. For the identifications of the mail items and all containers, an error-correcting code (CRC) or a digital signature or a message authentication code (MAC) can be used. Integrity checks are designed to prevent mail items from being mailed to a wrong mail tray or from incorrect mailing to a wrong pallet, etc. due to technical errors (error-correcting code) or fraudulent manipulation (digital signature or message authentication code). Therefore, an RFID tag must be affixed to the individual mailpieces, but it is difficult for the large number of senders to ensure that the same conditions prevail for all. This is hardly possible if the sender attaches the RFID tag to the mail piece. A wrong adhesive can cause an RFID tag to peel off. For the sender, it is not readily possible to read information from the RFID tag. To store this information in the RFID tag, the sender would require the use of special equipment.

From the US 5,612,889 A there is known a mail processing system with unique mailpiece authorization, which is allocated prior to the entry of a mail piece into the processing stream of a mail transport service. On Mail items are stamped with an unambiguous consignment ID, which serves as an index in a posting list containing the delivery addresses of all mailpieces delivered. This allows an address correction based on the posting lists. A delivery of postal items is pre-registered electronically at the mail carrier. For this purpose, the sender creates an electronic posting list, which he transfers cryptographically secured to the mail carrier. The mail carrier evaluates the information about the expected postal items and their delivery addresses, corrects if necessary addresses and determines the necessary postage fees, and then invoices them to the sender. The mail carrier sends back to the sender a list of shipment IDs, which he prints on his mail. The sender then delivers his mail to the mail carrier. The posting list is already available to the mail carrier at this time. The ShipmentID by itself does not designate a sender, but is merely an index in a posting list. A meaning receives this consignment ID only in connection with the posting list. However, the ShipmentID is not a unique identifier that can be used on all the mailpieces of a postage meter and can identify the sender.

From the EP 710 930 B1 it is known that the mail items a unique mailing ID is impressed, which serves as an index into a posting list containing the delivery addresses or destination ZIP codes of all mailings. The aim here is to replace the address reading and recognition in the mail center with an upstream electronic process. The same basic system is described as in the previous one US 5,612,889 A , Thus, the same disadvantage applies here.

From the EP 1 058 212 A1 a method for mail processing and mail processing system is known, with staggered mail processing. Private carriers, regionally located, forward mailings for their distribution outside their business region to a national postal carrier. A Identification of the sender takes place by means of a chip card, which the customer of the private mail carrier carries with him and inserts in a card reader of the mailing station (mailbox) when the customer gives up the mail. It is envisaged that the customer will receive a receipt on the post inserted in a mailbox and initially delivered to a first carrier / location. The chip card serves as a customer card, which already has an identification number. Each mail item is provided with a machine-readable mark consisting of a number specific to each mail item and further shipping data. The first carrier transports the mail from the post office (mailbox) to the first location and franks the letter with a franking stamp and makes a debit from the customer account at a customer bank and delivers the franked letter at a postal distribution center of a second carrier, which carries the post , After the marking of the mail item, therefore, a conventional franking is carried out and a conventional posting list is generated. The due postage amount will be determined and charged while the mail is being delivered. In the same process, the corresponding markings are applied to the postal items. The mark may include the date and time of delivery and also an identification of the customer, which has been previously read from the customer card in the loading station. This procedure can be referred to as "semi-central postage collection". Security checks in addition to the consignment ID and sender ID were not disclosed.

In the case of decentralized postage collection, prepaid electronic money or credit is loaded into the franking device. If it succeeds in manipulating this money supply, unpaid postal service can be claimed as a result. This is difficult to recognize by the injured postal carrier and even more difficult to trace back to the individual fraudster. A disadvantage is the required effort by hardware security module or an online data connection for franking, which should prevent the fraudulent manipulation.

The invention has for its object to avoid the disadvantages and to provide and build a franking and mailing system with central Porto collection, which is still guaranteed by means of simpler and user-friendly franking devices, the security of the system. The franking device is to apply a tamper-proof device identifier on the mail piece.

According to the invention, this object is achieved by a method having the features of claim 1 and a mailing system having the features of claim 17.

Given the need for a different model of trust than decentralized postage, the security of postage for postage meters was increased despite their simplified design. Centralized data can be better protected against counterfeiting. In the case of central postage collection, each franking device uses an individual device identifier which is stamped on all of its franking imprints. During the registration of each franking device, the mail carrier associates the device identifier with an electronic device account, to which he later assigns all postage for postal items bearing the corresponding device identifier. Billing with the customer can be carried out in a time-decoupled manner from the booking. The sender's bank account is debited with the accrued costs of an electronic device account, preferably at the end of each accounting period.

The central postage collection enables franking solutions at the sender, which can work safely offline and without a security module. However, the mail items must carry a counterfeit-proof identifier of the sender or of his franking device, so that the postage costs can be correctly assigned to the originating senders. This is achieved by means of a symmetrical encryption of parameters and with a key that alters with each franking imprint and which can be kept synchonous in the carrier data center, without requiring any communication between the franking device and the carrier data center for each franking. Rather, an initial initialization of the franking device is sufficient.

In this case, a secret first franking picture key is transmitted in encrypted form from the franking device via the operator data center to the mail carrier data center. The latter can be encrypted in the franking device by means of a private communication key and decrypted in the operator data center by means of a public communication key. In principle the same way, the secret first franking key can be further transmitted encrypted to the mail carrier data center. The latter thus has a currently valid first franking image verification key, which is stored assigned to the sender or his device identifier. A marking on a mail piece or a franking picture has at least one device identifier of the franking device, a key generation number and an integrity check code. The latter allows a check of the integrity of such parameters as device identifier and key generation number because the latter are encrypted by means of the currently valid first franking image key to the integrity check code. During the initialization of the franking device, the device identifier of the franking device, the key generation number and the first franking picture key are transmitted to the data center of the mail carrier.

After a franking, a currently valid second franking image key is generated in the franking device from the first or previously valid franking image key, which corresponds to a currently valid second franking image verification key, but which is generated on the mail carrier side. The local key generation number in a franking device and its local copy on the side of the mail carrier are kept synchronized in order to be able to derive the currently valid franking image verification key from a previously valid franking image verification key.

Each device ID is uniquely associated with a customer account that has spent postage at the end of each pay period Be billed. After each franking, the key generation number is changed in the franking device, whereby a stepwise change of the key generation number takes place by a predetermined numerical value. For example, the key generation number is incremented by one. Then a next valid cryptographic key is derived from the currently valid cryptographic key according to a first algorithm.
The franking device is equipped with electronics for securely managing a postal identity and is called Postal Identity Management Device (PIMD) for better differentiation from the ordinary franking machines.
Advantageously, no prepaid electronic money or electronic credit now has to be loaded into the franking devices. There is therefore no way to manipulate prepaid electronic money. There is also no way to trick the mail carrier by copying impressions. There is absolutely no incentive for a sender to manipulate his own meter. Therefore, from the point of view of the mail carrier there is also no need to protect franking devices against interference by their users, which means there is no need for a hardware security module in franking devices. Nor does an online connection need to be established before or during franking except when the PIMD is initialized.
However, there is always the option for each sender to use an invalid or incorrect device ID (device ID). If a sender manages to hijack a foreign device identifier, he could send his mail at the expense of the hijacked device.

1. a) Schutz vor Missbrauch der Identifikation des Absender-Frankiergeräts mittels Passwort-Eingabe via Tastatur oder alternativ mittels RFID-Ausweis, Magnetkarte, Chipkarte, mobiles Gerät (Handy, Organizer) verbunden über persönliches Netzwerk (Bluetooth, USB, etc.) auf der Frankiergeräteseite.
2. b) Authentikation der Gerätekennung in jedem Frankierabdruck auf der Postbefördererseite, um die Verwendung falscher Gerätekennungen auszuschließen.
3. c) Einmal-Authentikation der Gerätekennung in jedem Frankierabdruck auf der Postbefördererseite, um die Wiederverwendung kopierter Authentikationen falscher Gerätekennungen auszuschließen. Es ist vorgesehen, dass jeder kryptographische Frankierbildschlüssel für höchstens ein Frankierbild verwendet wird, welches abtastbare Informationen, wie die Gerätekennung des Frankiergeräts, die Schlüsselgenerationsnummer und den Integritäts-Checkcode enthält.
4. d) Sicherung der Kommunikations-Verbindung mindestens zum Betreiber-Datenzentrum durch Verschlüsselung.
5. e) Bei Multi-User-Frankiergeräten, zum Beispiel PC-Frankierer, müssen die verschiedenen Benutzer eines Frankiergeräts gegeneinander geschützt werden. Das kann beim Einsatz eines PC's mithilfe bekannter Betriebssysteme gelöst werden, die separate Benutzerkonten verwalten können.

Invalid device identities are, however, basically recognizable by the letter centers if they are evaluated online, ie during letter sorting. Only incorrect device identifications are basically not recognizable by the mail centers because the true identity of the sender is unknown. Although this could be detected by a biometric recognition of the consignor at the mailbox, etc., the franking device would not be simpler in this case. The use of incorrect device identifiers is therefore without additional measures in the delivery process Not recognizable, and therefore the fraud potential for this is relatively large. A fraudulent manipulation of the device identifier, however, can be made considerably more difficult by a combination of the following measures:

1. a) Protection against misuse of the identification of the sender franking device by means of password input via keyboard or alternatively by means of RFID card, magnetic card, chip card, mobile device (mobile phone, organizer) connected via personal network (Bluetooth, USB, etc.) on the franking device side ,
2. b) Authentication of the device identifier in each franking imprint on the mail carrier side in order to exclude the use of incorrect device identifications.
3. c) One-time authentication of the device identifier in each franking imprint on the mail carrier side in order to prevent the reuse of copied authentications of incorrect device identifiers. It is envisaged that each cryptographic franking image key is used for at most one franking image containing scannable information, such as the device identifier of the postage meter, the key generation number and the integrity check code.
4. d) securing the communication connection at least to the operator data center by encryption.
5. e) In the case of multi-user franking devices, for example PC frankers, the various users of a franking device must be protected against each other. This can be solved by using a PC using known operating systems that can manage separate user accounts.

Since the first key generation number is forwarded to a data center of the mail carrier together with the first franking picture key and the device identifier, a remote scan can be sent there and evaluation of franking images to be checked, which have been applied by the franking device to the mailpieces.
An integrity check code is generated according to a second crypto-algorithm by means of the secret cryptographic franking key of the sender's franking device, the device identifier of the franking device and the current key generation number, whereby the franking image, at least the device identifier of the franking device, the current key generation number and the integrity check code can be scanned contains.
In the data center, deriving a franking image verification key that corresponds to the next secret franking image key from the first franking image key and from the current key generation number that can be scanned in the franking image by each further mail piece can be carried out according to a first crypto algorithm, if a new franking image key from a predecessor is used for each franking image of the franking picture key was derived according to the same first crypto-algorithm.
It is envisaged that an evaluation of the scanned data by means of a test procedure in the data center of the mail carrier comprises a determination of the mathematical relationship of the sampled key generation number to the copy of the last used key generation number. The value of the change from the copy of the most recently used key generation number results from the product of each increment with the number of changes. By stepwise changing the key generation number by a predetermined number in preparation of a subsequent franking picture key, the aforementioned mathematical relationship results from the number of changes. A franking image verification key is calculated according to the first crypto algorithm, the first crypto algorithm being applied as many times as dictated by the mathematical relationship. The mail piece is subject to sorting and the scanned data to error handling if stepping the key generation number by a predetermined number does not produce the expected result, ie, the mathematical relationship of the given mathematical relationship does not match. This is the case, for example, if the established mathematical relationship does not result from the number of changes. When synchronism between the meter and the data center, that is, between both the sampled key generation number and its computed copy and between the secret cryptographic key and the computed indicia key, is established in the aforementioned manner, a comparison integrity check code may be computed in the data center to obtain the Cryptographically verify the scanned integrity check code. A central postage is charged at the data center of the mail carrier, if the authenticity of the integrity check code has been verified.
A mailing system with central postage collection includes a mail center mail center and data center, an operator data center, and a plurality of postage meters. The mail carrier transports the postal items franked by the franking machine in the usual way to the letter center. Each franking device is in contact with the operator data center via a communication connection via the network and via a communication connection as required, which registers the device identifier of its users and offers additional services. Each franking machine can print franking imprints on letters and / or labels for mail pieces, which are subsequently delivered to the mail center for further mailing, which is communicatively connected to the data center of the mail carrier. The data center of the letter center is connected via a communication link to the network and can also communicate with the operator data center, as conversely the operator data center with the letter center data center. Thus, as a result of an initialization of a postage meter, information from the postage meter may be routed via the operator data center to the data center of the mail carrier, even though the postage meter will not enter into direct communication with the data center of the mail carrier. Due to the aforementioned information, the data center of the mail carrier for the evaluation of information of the franking image in a position, in particular for reading and assigning the Device identifier to a sender and to postage fees for postal items of the same sender to a separate account or error handling.
It is provided that the franking device contains a key generation means which generates a new franking picture key for each next franking picture.
Furthermore, communication means are provided in order to establish synchronicity between the franking device and the data center as required via the communication connection.
There are scanning means in the mail center and first evaluation in the data center of a mail carrier provided communicatively connected to each other, which determined by the first evaluation the sender of the mail piece on a stored in a database assignment of the device identifier to a sender and the postage fee is determined by Portzoberechnungsmittel.
The data center evaluation means include second means for security checking each scanned franking image which, when it is possible to establish synchronicity between the scanned key generation number and its calculated copy and between the secret cryptographic key and the calculated indicia key, displays a compare integrity check code in Data Center calculates to cryptographically verify the scanned integrity check code.
A means for booking the postage for postal items of the same sender on a separate account and a means for error handling is provided in the data center of the mail carrier, wherein the central postage collection is performed when the authenticity of the integrity check code has been proven.

The second means for security checking are programmed so that a determination of the mathematical relationship of the sampled key generation number to the copy of the last used key generation number takes place, wherein a franking image verification key corresponding to the current subsequent franking image key of the franking device the first generated according to the determined mathematical relationship z times, and the franking image verification key together with the copy of the currently used key generation number and the device identifier to form a comparison integrity check code after the second crypto Algorithm is used.

• Die beschriebenen Frankiergeräte eines Systems mit zentraler Portoerhebung brauchen nicht mit einer speziellen Sicherheits-Hardware ausgestattet zu werden. Da das Betrugsrisiko für Postbeförderer verschwindend gering wäre, können die Zulassungsanforderungen gegenüber Frankiersystemen mit dezentraler Portoerhebung deutlich reduziert werden. Die beschriebe-nen Frankiergeräte können deutlich preiswerter hergestellt und in Verkehr gebracht werden, als Frankiermaschinen mit dezentraler Portoerhebung.
• Frankierabdrucke für zentrale Portoerhebung können sehr einfach gestaltet werden. Notwendig ist nur die einmal authentisierte Gerätekennung. Weitere Informationen herkömmlicher Frankierabdrucke wie z.B. Datum, Portowert, Postproduktcode, brauchen nicht im Frankierabdruck enthalten zu sein, weil sie alle im Wege der zentralen Portoerhebung bestimmt werden können.
• Eine Kommunikation über ein Kommunikationsnetz ist innerhalb des Postversandsystems bei Bedarf möglich und muss nicht für jedes Poststück erfolgen.

The invention has the following advantages over the prior art:

• The described franking devices of a system with central postage collection need not be equipped with a special security hardware. Since the risk of fraud for postal carriers would be negligible, the licensing requirements for franking systems with decentralized postage collection can be significantly reduced. The franking devices described can be manufactured and placed on the market much more cheaply than franking machines with decentralized postage collection.
• Franking imprints for central postage collection can be designed very simply. Necessary is only the once authenticated device identifier. Further information of conventional franking imprints, such as date, postage value, post-product code, need not be included in the franking imprint, because they can all be determined by way of central postage collection.
• Communication over a communications network is possible within the mailing system as needed and need not occur for each mailpiece.

Fig. 1a,

Frankiersystem mit unterschiedlichen Varianten an Kommunikationsverbindungen,

Fig. 1 b,

Prinzipdarstellung einer bedruckten Briefoberseite,

Fig. 1 c,

schematische Darstellung der Abläufe beim Postbeförderer,

Fig. 2,

Blockschaltbild eines Frankiergrätes (PIMD's),

Fig. 3,

Darstellung der Ebenen des Speicherschutzes eines PIMD's,

Fig. 4,

Flussplan bei der Initialisierung eines PIMD's,

Fig. 5,

Flussplan beim Wechseln eines Passworts,

Fig. 6,

Flussplan beim Berechnen eines Frankierabdrucks,

Fig. 7,

Flussplan zur Echtheitsüberprüfung einer Geräte-ID,

Fig. 8,

Flussplan beim Senden eines Frankierbildschlüssels des PIMD's an dasPostbeförderer-Datenzentrum.

Further advantageous features of the invention can be found in the dependent claims. The invention will be explained in more detail below the embodiment. Show it:

Fig. 1a,

Franking system with different variants of communication links,

Fig. 1b,

Schematic representation of a printed letter top,

Fig. 1c,

schematic representation of the processes at the mail carrier,

2,

Block diagram of a franking bank (PIMD's),

3,

Representation of the levels of memory protection of a PIMD,

4,

Flowchart during the initialization of a PIMD,

Fig. 5,

Flowchart when changing a password,

6,

Flowchart in calculating a franking imprint,

Fig. 7,

Flowchart for checking the authenticity of a device ID,

8,

Flowchart when sending a franking image key of the PIMD to the mail carrier data center.

Based on Fig. 1a a franking system with different variants of communication links between an operator data center and franking devices is shown. Small mobile franking devices 10, 10 ', 10 ", 10 * can generate franking imprints with their printer module into which a device identifier is forged counterfeit-proof Such postage meters are also referred to below as a Postal Identity Management Device (PIMD) Each PIMD is connected via a communication link 11 , 11 ', 11 ", 11 * via network 18 and a communication link 19 in contact with the operator data center 14. There, it registers the device identifier for its users and receives additional services offered. Each PIMD may print franking imprints 9.3 on letters 9 and / or labels for mail pieces that are subsequently delivered to a mail center data center 7 for further mailing. The letter center 7 is connected via a communication link 8 to the network 18 and can also communicate with the operator data center 14, as conversely the operator data center 14 with the mail center data center 7. The communication links 8 and 19 allow, for example, a communication via Internet or telephone network ,

1. A) Ein PIMD 10' verbindet sich über ein Funk-WAN 13' (beispielsweise GSM, UMTS Modem) mit eine Funk-Station 6', welche via der Kommunikationsverbindung 11', Netz 18 und der Kommunikationsverbindung 19 mit dem Betreiber-Datenzentrum 14 verbindbar ist.
2. B) Ein PIMD 10 ist über ein leitungsgestütztes Telefonnetz 11, 18, 19 direkt mit dem Betreiber-Datenzentrum 14 verbindbar.
3. C) Ein PIMD 10" ist über ein Funk-LAN (WiFi) oder Funk Personal Network (Bluetooth) 13" mit einer Funkstation 6" eines PC 12" verbunden, der sich via Kommunikationsverbindung 11" (zum Beispiel Internet), Netz 18 und Kommunikationsverbindung 19 mit dem Betreiber-Datenzentrum 14 verbinden läßt.
4. D) Ein PIMD 10* ist über eine Punkt-zu-Punkt Verbindung (USB) 15* mit einem PC 12* verbunden, der sich via Kommunikationsverbindung 11* (zum Beispiel Internet), Netz 18 und Kommunikationsverbindung 19 mit dem Betreiber-Datenzentrum 14 verbinden läßt.
5. E) Die Funktion eines PIMD's ist in den PC 12* integriert. Das kann durch eine entsprechende Software und/oder Hardware (Einschub nicht dargestellt) geschehen. Der PC 12* steht einerseits via einer Punkt-zu-Punkt Verbindung (USB) 16* mit einem handelsüblichen Drucker 17* und andererseits via Kommunikationsverbindung 11* (zum Beispiel Internet), Netz 18 und Kommunikationsverbindung 19 mit dem Betreiber-Datenzentrum 14 in Kommunikationsverbindung.

Each PIMD communicates via the network 18 with the operator data center 14. To secure the communication connection, symmetric or asymmetric encryption can be used. For example, a secret first key is transmitted encrypted by the franking device via the operator data center 14 to the mail carrier data center 7. The latter can be encrypted in the franking device by means of a private key and decrypted in the operator data center by means of a public key. For example, the operator data center 14 may also communicate with the mail carrier data center 7 via an encrypted connection via network 18 or via a leased line (not shown). In this case, a more or less different technology can be used. Some connection variants are in Fig. 1a shown:

1. A) A PIMD 10 'connects via a wireless WAN 13' (for example, GSM, UMTS modem) with a radio station 6 ', which via the communication link 11', network 18 and the communication link 19 with the operator data center 14 connectable is.
2. B) A PIMD 10 can be connected directly to the operator data center 14 via a line-based telephone network 11, 18, 19.
3. C) A PIMD 10 "is connected via a wireless LAN (WiFi) or radio personal network (Bluetooth) 13" to a radio station 6 "of a PC 12" connected via communication link 11 "(for example Internet), network 18 and Communications link 19 can connect to the operator data center 14.
4. D) A PIMD 10 * is connected via a point-to-point connection (USB) 15 * to a PC 12 * connected to the operator data center 14 via communication link 11 * (for example Internet), network 18 and communication link 19 lets connect.
5. E) The function of a PIMD is integrated into the PC 12 *. This can be done by appropriate software and / or hardware (insert not shown). The PC 12 * is on the one hand via a point-to-point connection (USB) 16 * with a standard printer 17 * and on the other hand via communication link 11 * (for example, Internet), network 18 and communication link 19 with the operator data center 14 in communication ,

• Übermitteln des ersten Frankierbildschlüssels IDAKey ₁ zur entfernten Auswertung von zu überprüfenden Frankierbildern auf Poststücken,
• Berechnung eines Frankierbilds vor der Erzeugung einer Frankierung, wobei für jedes Frankierbild ein neuer Frankierbildschlüssel aus einem Vorgänger des Frankierbildschlüssels nach einem ersten Krypto-Algorithmus abgeleitet und wobei ein Integritäts-Checkcode M basierend auf dem neuen Frankierbildschlüssel, einer Schlüsselgenerationsnummer i, einer Gerätekennung g des Frankiergeräts und basierend auf einem zweiten Krypto-Algorithmus erzeugt wird, wobei das Frankierbild, mindestens die Gerätekennung g des Frankiergeräts, die Schlüsselgenerationsnummer i und dem Integritäts-Checkcode M aufweist,
• Befördern und Einliefern von Poststücken in ein Briefzentrum des Postbeförderers nach dem Frankieren, Abtasten und Prüfung von Frankierbildern beim Postbeförderer, wobei der Integritäts-Checkcode M kryptographisch verifiziert wird, indem ein Vergleichs-Integritäts-Checkcode zum Vergleich mit dem aufgedruckten Integritäts-Checkcode gebildet wird und wobei Gebühren zur zentralen Buchung erfaßt werden, welche dem Absender der Poststücke zeitlich entkoppelt von der Buchung am Ende der Abrechnungsperiode in Rechnung gestellt werden sowie
• Fehlerbehandlung beim Prüfen.

The basic operation of the system is divided into the process steps:

• Transmitting the first franking image key IDAKey ₁ for the remote evaluation of franking images to be checked on mailpieces,
• Calculation of a franking image before the generation of a franking, wherein for each franking image a new franking image key is derived from a predecessor of the franking image key according to a first crypto algorithm and where an integrity check code M based on the new franking image key, a key generation number i, a device identifier g of the franking device and is generated based on a second crypto-algorithm, the franking image having at least the device identifier g of the franking device, the key generation number i and the integrity check code M,
• Conveying and delivering mailpieces to a mail carrier mail center after franking, scanning, and inspecting postage meter mailers at the mail carrier, wherein the integrity check code M is cryptographically verified by a compare integrity check code is formed for comparison with the printed integrity check code and whereby central booking fees are recorded, which are billed to the sender of the postal items at a decoupled time from the booking at the end of the billing period, and
• Error handling during testing.

Calculation of franking imprints

• g Eine Geräte-ID (deviceID) ist die Kennung des Frankiergeräts, die zu dessen Identifikation herangezogen werden kann.
  Benutzt ein Kunde mehrere verschiedene Frankiergeräte, so verwendet er verschiedene eindeutige Gerätekennungen für jedes Frankiergerät. Jede Gerätekennung ist eindeutig einem Kundenkonto zugeordnet, dem am Ende jeder Abrechnungsperiode (z.B. am Monatsende) die Umsätze aller zugeordneten Frankiergeräte belastet werden.
• i Eine Schlüsselgenerationsnummer.
  Ein schrittweises Verändern der Schlüsselgenerationsnummer i kann um irgendeinen festgelegten Zahlenwert h erfolgen. Die Schlüsselgenerationsnummer i wird mit jeder Frankierung um vorzugsweise den Wert h = 1 erhöht oder verringert. Jeder Schlüsselgenerationsnummer ist eineindeutig ein kryptographischer Schlüssel IDAKeyi zugeordnet, der zur Berechnung von Integritäts-Checkcodes von Frankierabdrucken (Indicia) verwendet wird.
• M Ein Integritäts-Checkcode.

To make a franking, the sender determines the required postage in a known manner and starts the franking with his PIMD. The PIMD may include an integrated balance and / or a postage calculator. The PIMD prints optional plain text information such as the required postage value, the current date and, if necessary, details of the item of mail (product name, etc.).
The PIMD also prints a marker, such as a machine-readable barcode, which contains the following information:

• g A device ID (deviceID) is the identifier of the postage meter that can be used to identify it.
  If a customer uses several different franking devices, he uses different unique device identifiers for each franking device. Each device identifier is uniquely assigned to a customer account, which at the end of each accounting period (eg at the end of the month) will be charged to the sales of all assigned franking devices.
• i A key generation number.
  A stepwise change of the key generation number i can be done by any given numerical value h . The key generation number i is increased or decreased with each franking by preferably the value h = 1. Everyone Key generation number is uniquely associated with a cryptographic key IDAKeyi used to calculate integrity check codes of indicia.
• M An integrity check code.

This code M is calculated using an algorithm for a message authentication code (MAC) over the above-mentioned data ( Henk CA van Tilborg: Encyclopedia of Cryptography and Security; Springer-Verlag New York, 2005, pages 361-367 ). Preferably, a hash based message authentication code (HMAC) is used (ibid pages 14 and 267). For HMAC formation, a secret cryptographic key of the sender is used according to the following formula (1): $$\mathit{M}\mathit{\leftarrow }\mathit{HMAC}\left({\mathit{IDAKey}}_{}..f\left(Gi{\mathit{IDAKey}}_i\right)\right)\mathrm{,}$$

Here f is a function with the parameters g , i and IDAKeyi. Preferably, the function f returns the string g || as the result i consisting of the bitwise superimposition of the parameters g and i: $$\mathit{M}\mathit{\leftarrow }\mathit{HMAC}({\mathit{IDAKey}}_{i.G}{\Vert }_i)\mathrm{,}$$

During the initialization of a franking device, its key generation number is set to one and an initial cryptographic (first) key IDAKey _{1 is} generated. During the subsequent registration of the franking device, the franking device identifier g , the first key generation number i = 1 and the associated first cryptographic key IDAKey _{1 are} transmitted to the mail carrier . In this way, the mail carrier receives the same secret cryptographic key used by the meter.

The key generation numbers and cryptographic keys received by the mail carrier and subsequently managed are denoted by j and IDAKey _j , respectively. The aim is to synchronize the local generation number i in a postage meter and its local copy j on the mail carrier side. How this goal is achieved will be explained in more detail by examining franking imprints and troubleshooting in the following steps.

After each franking, the key generation number i in the PIMD is increased by one and a new cryptographic key IDAKey _{i + 1 is} derived from the current key IDAKey _i according to formula (3): $${\mathit{IDAKey}}_{i+1}\leftarrow \mathit{hash}\left(j{\mathit{IDAKey}}_i\right)$$

The formation of a hash value after a hash function is also among other things Henk CA van Tilborg: Encyclopedia of Cryptography and Security; Springer-Verlag New York, 2005, pages 256-264 out.

For the i- th franking after initialization of the franking device, the key generation number i and the cryptographic key IDAKey _i are used. This ensures that each cryptographic key is used for at most one franking.

Checking of frankings

The franked shipments are delivered as known to the desired mail carrier. The mail carrier sorts the mailpieces, automatically reads the franking imprints including the contained barcodes, then transports the mailpieces to the destination address and delivers them there. The present invention assumes that Before sorting, all mail items are read and their barcodes can be recognized to approximately 100% and decoded correctly.

When reading the mail, the plain text information is evaluated and used to determine the postage value. In one embodiment, the postage value can be easily read. In a second embodiment, the printed postage value can be checked on a random basis. In a third embodiment, the postage value is not printed and read, but determined directly from the physical parameters (length, width, thickness, weight, additional services) of the mailing in the letter center.

1. (I) Zuerst wird mittels eines ersten Prüfschrittes geprüft, ob die Frankiergerätekennung g in der Datenbank des Datenzentrums bekannt ist. Ist die Prüfung erfolgreich, so ermittelt der Postbeförderer aus seiner Datenbank die lokale Kopie j auf der Seite des Postbeförderers der zuletzt gelesenen Schlüsselgenerationsnummer i und den zugehörigen Frankierbildprüfschlüssel IDAKey_j.
2. (II) Anschließend wird mittels eines zweiten Prüfschrittes geprüft, ob die lokale Kopie J der aktuell gelesenen Schlüsselgenerationsnummer i + x größer bzw. ob i - x kleiner ist, als die letzte von diesem Frankiergerät mit derselben Gerätekennung g gespeicherte lokale Kopie j der Schlüsselgenerationsnummer i. Ist diese Prüfung erfolgreich, so wird der aktuelle Frankierbildschlüssel IDAKey_J berechnet. Im allgemeinen Fall gilt J = j + x für aufsteigende oder J = j - x fallende Schlüsselgenerationsnummern. Aufgrund eines konstanten Schrittwertes h und der Anzahl z der Schritte ergibt sich der Wert x der Veränderung der Schlüsselgenerationsnummer insgesamt nach der Formel (4) zu: $$x=h\cdot z$$
   
   
   Bei einem Schrittwert h = 1 und der Anzahl z = 1 der Schritte, d.h. im bevorzugten Normalfall J = j + 1 berechnet man den aktuellen Schlüssel nach folgender Formel (4): $${\mathit{IDAKey}}_{}\leftarrow \mathit{hash}\left(j,{\mathit{IDAKey}}_j\right)\mathrm{.}$$
   
   
   Anderenfalls, muss die Prüfung zum Beispiel bei einem Vorkommen von Abtast- oder Lesefehlern nicht immer erfolgreich sein. Das betreffende Poststück wird ausgesondert. Das nächstfolgende Poststück desselben Absenders weist in der aktuell gelesenen Schlüsselgenerationsnummer eine größere Änderung auf, weil die Anzahl z der Schritte mit dem Schrittwert h = 1 erhöht ist. Folglich wird die obige Rechenvorschrift umgestellt und im Datenzentrum (J - j ) · 1/ h = z Mal rekursiv angewendet. Das vorgenannte nächstfolgende Poststück desselben Absenders hat im bevorzugten Normalfall (h = 1) ein Frankierbild mit einer aktuell gelesenen Schlüsselgenerationsnummer i + 2 und einen aktuellen Frankierbildschlüssel IDAKey _{i + 2}. Der Wert der lokalen Kopie j muss folglich entsprechend dem Wert x der Veränderung, d.h um x = 2 geändert und die Formel (5) noch einmal zusammen mit dem zuletzt berechneten Frankierbildprüfschlüssel für das ausgesonderte Poststück angewendet werden, um einen aktuellen Frankierbildschlüssel ableiten zu können.
3. (III) Danach wird im dritten Prüfschritt der gelesene Integritäts-Checkcode M kryptographisch verifiziert, indem die folgende Gleichung (6) geprüft wird: $$M=\mathit{HMAC}\left({\mathit{IDAKey}}_{},f\left(g{\mathit{IDAKey}}_{}\right)\right)\mathrm{.}$$
   
   
   Hierbei ist, f eine Funktion mit den Parametern g, J und IDAKey_J.
   Es wird die Funktion ,f, die vorzugsweise eine Zusammenstellung der Parameter g, J zu einer (alphanumerischen) Zahl umfasst, mit dem geheimen Frankierbildschlüssel IDAKey_J verschlüsselt, um einen Zahlenwert als Basis der HMAC-Bildung zu erzeugen. Wenn also vorzugsweise nach der Formel (2) gearbeitet wird, dann ist auch vereinfachend für die Sicherheitsüberprüfung vorgesehen, dass nach der Gleichung (7) geprüft wird, um den Integritäts-Checkcode M kryptographisch zu verifizieren: $$M=\mathit{HMAC}\left({\mathit{IDAKey}}_{}\left(g\Vert \right)\right)\mathrm{.}$$
   
   
   Ist auch diese Prüfung erfolgreich, so wird der ermittelte Portobetrag dem elektronischen Gerätekonto zugeschlagen, das der Postbeförderer für dieses Gerät im Datenzentrum des Briefzentrums führt. Am Ende der Abrechnungsperiode werden alle auf diesem Gerätekonto aufgelaufenen Gebühren dem betreffenden Kundenkonto belastet.

Furthermore, the content of the barcode is determined, evaluated and checked as follows during reading:

1. (I) First, by means of a first checking step, it is checked whether the franking device identifier g is known in the database of the data center. If the check is successful, the mail carrier ascertains from its database the local copy j on the side of the mail carrier of the last-read key generation number i and the associated franking image check key IDAKey _j .
2. (II) Subsequently, it is checked by means of a second checking step whether the local copy J of the currently read key generation number i + x is greater or if i - x is smaller than the last local copy j of the key generation number i stored by this franking device with the same device identifier g , If this check is successful, the current franking key IDAKey _{J is} calculated. In the general case, J = j + x applies to ascending or J = j- x falling key generation numbers. Due to a constant step value h and the number z of steps results in the value x of the change of the key generation number in total according to the formula (4) to: $$x=H\cdot z$$
   
   
   With a step value h = 1 and the number z = 1 of the steps, ie in the preferred normal case J = j + 1, the current key is calculated according to the following formula (4): $${\mathit{IDAKey}}_{}\leftarrow \mathit{hash}\left(j,{\mathit{IDAKey}}_j\right)\mathrm{,}$$
   
   
   Otherwise, the test may not always be successful in the presence of sample or read errors. The mail piece in question is discarded. The next following mailpiece of the same sender has a major change in the currently read key generation number because the number z of steps having the step value h = 1 is increased. Consequently, the above calculation rule is changed over and recursively applied in the data center ( J - j ) * 1 / h = z times. The aforementioned next postal item of the same sender has in the preferred normal case (h = 1) a franking picture with a currently read key generation number i + 2 and a current franking picture key IDAKey _{i + 2} . The value of the local copy j must consequently be changed by x = 2 according to the value x of the change, and the formula (5) must again be used together with the last calculated franking image check key for the rejected mail piece in order to derive a current franking image key.
3. (III) Thereafter, in the third checking step, the read integrity check code M is cryptographically verified by checking the following equation (6): $$M=\mathit{HMAC}\left({\mathit{IDAKey}}_{}.f\left(G{\mathit{IDAKey}}_{}\right)\right)\mathrm{,}$$
   
   
   Here, f is a function with the parameters g , J and IDAKey _J.
   The function, f , which preferably comprises a compilation of the parameters g , J into an (alphanumeric) number, is encrypted with the secret franking key IDAKey _J to produce a numerical value as the basis of the HMAC formation. If, therefore, preference is given to working according to formula (2), it is also provided simplifying for the security check that is checked according to equation (7) in order to cryptographically verify the integrity check code M : $$M=\mathit{HMAC}\left({\mathit{IDAKey}}_{}\left(G\Vert \right)\right)\mathrm{,}$$
   
   
   If this check is also successful, the determined postage amount is added to the electronic device account that the mail carrier for this device keeps in the data center of the letter center. At the end of the billing period, all fees accrued on this device account will be charged to the relevant customer account.

Error handling with troubleshooting

1. a) Der Brief wird an den Absender zurückgeschickt.
2. b) Die Postbeförderung kann beendet, und der Brief vernichtet werden.
3. c) Der Adressat kann informiert und gefragt werden, ob er den Brief auf eigene Rechnung zugestellt bekommen möchte. Falls das nicht der Wunsch des Adressaten ist, kann wie unter a) beschrieben verfahren werden.

If the test fails by means of the first test step (I), an invalid sender identification was evidently used. Transmission errors would have already been compensated by the error correction of the barcode used. It is up to the respective postal carrier to define an error handling for this case. Possible treatments are:

1. a) The letter will be returned to the sender.
2. b) The mail can be canceled and the letter destroyed.
3. c) The addressee can be informed and asked whether he would like to receive the letter for his own account. If this is not the wish of the addressee, the procedure described under a) can be followed.

If testing fails by means of the second test step (II), then there is either a replay attack or the control of the PIMD is working incorrectly. In any case, the mail carrier prints on the mailpiece the last stored key generation number of the relevant franking device and sends it back to the operator of the recognized franking device. In addition, the latter should also be notified electronically via the return and the current key generation number known at the data center (e-mail, SMS), so that in the meantime he does not frank further mailpieces with incorrect key generation numbers.

If the test fails by means of the third test step (III), then there is a fatal error, because since the key generation number i of the generating PIMD and its copy j in the checking letter center match, ie check (II) was successful, the cryptographic keys would also have to match. In this case, reinitialize and register the PIMD.

A new initialization can preferably take place in that the data center 7 of the mail carrier generates a new franking picture key IDAKey * _j and determines a difference value Δ according to the following formula (8): $$\mathrm{\Delta }\leftarrow {\mathit{<figure-callout\; id="1"\; label="IDAKey"\; filenames="imgf0002.png,imgf0005.png"\; state="\{\{state\}\}">IDAKey</figure-callout>}}_1\mathrm{XOR}{\mathit{IDAKey}*}_{}$$

(XOR denotes the BOOL operation of the bitwise exclusive-OR). The difference Δ is then printed on the return shipment, which is sent back to the sender of the item. The difference value Δ is additionally transmitted by electronic means to the data center 14 of the operator of the recognized franking device. Since the first franking picture key is known to the operator data center and is logically linked to the new franking picture key via the exclusive-or-function, the new franking picture key IDAKey * _j can be determined. The new franking picture key can now be sent or transmitted to the relevant PIMD by way of secure communication. The steps required in PIMD initialization may be modified to apply to the PIMD adopting the new franking image key.

The Fig. 1b shows a schematic representation of a printed letter top with a first field for the sender address or advertising, with a second field 9.2 for a mark in the recipient address field and a third field 9.3 for the franking. The aforementioned marking and / or franking contains a tamper-proof device identifier. Of course, the device identifier / franking imprints are encoded coded in 2D barcodes. Due to the small amount of data, the device identifier can also be printed as a 1D barcode. For example, GS1-128 (UCC / EAN-128) or USPS OneCode are suitable here. These barcodes are reliably readable at high speed and at the same time allow the reader to automatically correct a certain error rate. They are already being read in many mail letter centers and do not require any further investment in scanner technology.

Alternatively, OCR fonts could be used to print and read the device identifiers.
The amount of information needed for an authenticated device ID depends essentially on the number of possible senders. At 4 Bytes required for a checksum and a number of x millions of possible senders will be at least a number of # I = log ₂₅₆ (x * 10 ⁶ ) + 4 = log ₂₅₆ (x) + 6 * log ₂₅₆ (10) + 4 = log ₂₅₆ (x) +6.5 bytes needed to encode a device ID. A postal market of up to 17 million senders therefore requires 7 bytes, a market up to 4 billion senders 8 bytes, and a market up to 1.09 billion senders 9-byte device identifiers. A total of approx. 1.6 million franking machines are currently in stock on the US market. A 7-byte device identifier appears to be sufficient here. When the franked mail pieces pass through the corresponding sorting facilities of the postal letter centers, the impressions are read, the printed postage, the device identifier and other information are recorded, checked and evaluated in a data center of the Post Brief Center. Each sender is charged on the basis of this evaluation the postal service provided for him.

The Fig. 1c shows a schematic representation of the processes at the letter carrier. After a marking and / or franking has been generated in a first step 1, which comprises generating a tamper-proof device identifier, the item of mail is transported. A white arrow indicates the transport direction.

• 301 Dekodierung und Fehlerkorrektur der Information nach dem Abtasten,
• 302 Ermittlung des Absenders,
• 303 Ermittlung der Portogebühr,
• 304 Sicherheitsüberprüfungen,
• 305 Abfrage nach Verifizierung und
• 306 Buchung oder
• 307 Fehlerbehandlung.

The basic mode of operation in the postal center of the mail carrier is a delivery of the mail item in the letter center in a second step 2, a scan and evaluation of a marker and / or franking picture in a third step 3, the further transport of the mail piece in the fourth step 4 and its delivery in fifth step 5 or its sorting out in the fourth step 4. The information from the scanned marking and / or the franking image are further processed in the data center of the letter center in an evaluation routine 300 for its evaluation. The evaluation in routine 300 includes at least the following steps:

• 301 decoding and error correction of the information after scanning,
• 302 determination of the sender,
• 303 determination of postage,
• 304 security checks,
• 305 query for verification and
• 306 booking or
• 307 Error handling.

In the letter center is a scanning means and in the data center of a mail carrier, a first evaluation means are provided communicatively connected to one another in step 301, a decoding and error correction of the information after scanning, in step 302, a determination of the respective sender and in step 303 a determination to carry the postage. The first evaluation means comprises a database, which is coupled to a server.

Alternatively, the order of steps 302 and 303 may be reversed, or the two steps may be concurrently performed.

• die Ermittlung (302) des jeweiligen Absenders eine Suche nach der Gerätekennung ₉ des Frankiergeräts in einer Datenbank des Briefzentrums oder Datenzentrums und nach der zugehörig gespeicherten Kopie j der zuletzt verwendeten Schlüsselgenerationsnummer umfasst, zu der ein zugehörig gespeicherter Frankierbildschlüssel existiert,
• die Sicherheitsüberprüfung (304) jedes Frankierbildes, eine Ermittlung der mathematischen Beziehung der abgetasteten Schlüsselgenerationsnummer i ∓ x zu der Kopie j der zuletzt verwendeten Schlüsselgenerationsnummer sowie eine kryptographische Verifizierung des Integritäts-Checkcodes M umfasst, wobei ein Frankierbildprüfschlüssel IDAKey_J, welcher dem aktuellen nachfolgenden Frankierbildschlüssel IDAKey_i ∓ x des Frankiergeräts entspricht, nach dem ersten Krypto-Algorithmus erzeugt, wobei letzterer entsprechend der Ermittlung der mathematischen Beziehung z-Mal angewendet wird sowie wobei der Frankierbildprüfschlüssel IDAKey_J zusammen mit der Kopie J der aktuell verwendeten Schlüsselgenerationsnummer i ∓ x und mit der Gerätekennung g zur Bildung eines Vergleichs-Integritäts-Checkcodes Mref nach dem zweiten Krypto-Algorithmus verwendet wird.

It is envisaged that

• the respective sender's determination (302) includes a search for the device identifier _{9 of} the franking device in a database of the letter center or data center and after the associated copy j of the last used key generation number to which a corresponding stored franking image key exists,
• the security check (304) of each franking image, a determination of the mathematical relationship of the sampled key generation number i ∓ x to the copy j of the last used key generation number and a cryptographic verification of the integrity check code M, wherein a franking image verification key IDAKey _J corresponding to the current subsequent franking image key IDAKey _i ∓ x of the franking device, generated according to the first crypto algorithm, the latter being used in accordance with the determination of the mathematical relationship z times, and wherein the franking image check key IDAKey _J together with the copy J of the currently used key generation number i ∓ x and with the device identifier g to form a comparison integrity check code Mref is used according to the second crypto-algorithm.

In the data center second means for security checking each scanned franking image are provided, preferably a server that is secured against misuse.
After passing through steps 301 to 304, a query is made for a verification of the franking device identifier g . If verification is possible after passing through steps 301 to 304, then in step 306, the postage fee is booked in the context of the central postage collection to the account of the sender determined in step 302. If, however, verification is not possible after passing through steps 301 to 304, then this is determined in query step 305 and branched to an error handling step 307. The testing of frankings and the three test steps have already been explained above. As part of the error treatment, a turn signal is generated in order to prevent the further transport of the mail piece in the fourth step 4 and instead to cause a sorting out of the mailpiece. The mailpiece is transported to the recipient when the addressee (recipient) of the mailpiece has been notified and has agreed to delivery. The item of mail can be returned to the sender if the sender of the item has been notified and has agreed to a return. Otherwise, an undeliverable mail piece will be destroyed. As part of the delivery to the addressee (recipient) of the mail piece is also a posting, but on the recipient name.
As part of the error handling further investigation and also a registration undeliverable mail pieces can be made.

A block diagram 100 of a franking bank (PIMD's) is in the FIG. 2 shown. The franking device has a keyboard 112, a display unit 114 (LCD) and a printer module 116 (printer), which are provided with a keyboard each associated control electronics (keyboard controller 111, display controller 113, printer driver 115) are connected. It also has a processor 104 (CPU), a memory management unit 117 (MMU), as well as volatile and nonvolatile memories (volatile memory 102, 107 and nonvolatile memory 101, 103) and a serial input / output communication interface 109 Data exchange with an operator data center. The communication interface can be wired (eg USB, LAN, etc.) or wireless (eg WLAN, GSM, Bluetooth). In addition, there is a timed driver 108 accessing a volatile memory 102 and a cryptographically encrypting driver 106 accessing a non-volatile memory 103. Timed driver 108 writes data to volatile memory 102 (RAM, SD-RAM) and clears that data as soon as that data has not been accessed for a time-out set in the operating program. The deletion is done by automatically overwriting the data with bytes randomly generated by the driver. If you then try to read the data, the driver outputs only the previously random data.

The cryptographically encrypting driver 106 writes data in encrypted form to the non-volatile memory 103 (e.g., Flash) using a hard-coded symmetric block cipher key. If this data is then read out again, the driver first decrypts the data with the same hard-coded key.

The program code for controlling the franking device is preferably in the program memory 105 (NV memory), for example in a flash memory, but may alternatively be in an EPROM block. The latter variant is inexpensive, but not so flexible, because an exchange of the operating program requires a change of the EPROM block. Communication within the meter passes over an internal bus 110 and is controlled by the memory management unit 117 (MMU) when saving data. The volatile memory 107 is provided as a working memory.

The communication interface 109 may be connected to an operator data center via an internal or external modem, as shown, for data exchange or with another suitable communication device. The communication links, the communication network and the communication devices at the ends of the communication links form the communication means in a known manner.
The aforementioned means 103 to 107 form a key generation means which generates a new franking picture key for each next franking picture by calculating. It is assumed that the immediately preceding franking picture key. The latter and a communication key are both stored in the nonvolatile memory 103. The calculation is performed using a first and second crypto algorithm before franking, wherein for a first franking image, a first integrity check code is generated based on the second crypto algorithm, wherein for each subsequent franking image a subsequent franking image key from a predecessor of the franking image key is derived according to the first crypto-algorithm and an integrity check code is generated, based on the subsequent franking image key, a key generation number, a device identifier of the franking device and based on the second crypto-algorithm.

A PIMD 10 may communicate securely with its operator data center 14, typically using a bi-directionally authenticated and optionally encrypted communication protocol. Common methods are based on a key agreement protocol (Henk CA van Tilborg: Encyclopedia of Cryptography and Security; Springer-Verlag New York, 2005, page 325) or key establishment.

In the Fig. 3 a representation of the levels of memory protection is shown. After input 200 of a device identifier g (device ID) and the current password, a first routine 201 is processed to process the data to form a password by a random and data mix (salt & hash) and in a file in the nonvolatile memory 101 Software protected to save internally. The first routine 201 thus leads to a password storage on a lower level of the memory protection. Following the first routine 201 is a second routine 202 for deriving an internal encryption key IMDKey and timestamping it in an IMDKey file in volatile memory 102. The second routine 202 thus results in volatile storage at a middle level of memory protection.
After the second routine 202, a third routine 203 follows for encrypting keys COMKey and IDAKey by means of the internal encryption key IMDKey and an encrypted internal volatile storage of data in the volatile memory 103, the data containing the encrypted keys. The third routine 203 thus results in volatile storage at an upper level of memory protection.
The PIMD preferably uses two keys or key pairs to secure its interactions with neighbor systems. For the electronic communication with the operator data center a communication key COMKey is used. This can be a symmetric key. Alternatively, an asymmetric key pair can be used. In the case of an asymmetric key pair , we call the private communication key COMPrivKey and the public communication key COMPubKey.
For the franking imprints which are read and evaluated by the postal carrier concerned in the mailing data center during the mailing, a secret franking key IDAKey is used to form the integrity check code M , the latter being used in the mailing data center Franking is printed on the mailpiece. This is preferably a symmetric key.
Both keys COMKey and IDAKey or COMPrivKey and IDAKey are stored in an encrypted internal memory area, for example in the volatile memory 103 of the Postal Identity Management Device (PIMD) and are decrypted only when required. After use, the plaintext copies of both keys are deleted immediately and the corresponding memory areas are overwritten with random bit patterns, so that the plain keys can not be read out by unauthorized persons.

For the encryption of the secret communication key COMKey or of the private communication key COMPrivKey and of the secret franking image key IDAKey , an internal encryption key IMDKey is used for a symmetric block cipher, for example Advanced Encryption Standard (AES). This internal encryption key IMDKey is not permanently stored in plain text, but is derived from the password algorithmically if necessary. Plain-text copies of the internal encryption key IMDKey are temporarily held in volatile memory 102 (time-controlled internal storage) and deleted there once their time-out has expired without being used.

For a new password, a random bit string (salt) is generated ( Henk CA van Tilborg: Encyclopedia of Cryptography and Security; Springer-Verlag New York, 2005, page 541 ). The random bit string is appended to the user-selected password. The result is mapped to a hash value (eg SHA256) by a hash function (ibid, hash function, page 256-264) and from this the franking image key IDAKey is derived by either using the hash value directly or by hashing it. The couple out The salt and hash value for a password are then stored in the password file indexed by passwords (soft protected internal memory). In order to protect this memory against unauthorized reading, software obfuscation techniques are used which, for example, store a data set in several parts which are located in the memory 101 at different addresses.

• eine Initialisierung (Fig.4) des PIMDs,
• ein Wechseln (Fig.5) eines bestehenden Passworts und
• eine Berechnung (Fig.6) des Frankierabdrucks.

The main processes of running a PIMD include:

• an initialization ( Figure 4 ) of the PIMD,
• a change ( Figure 5 ) of an existing password and
• a calculation ( Figure 6 ) of the franking imprint.

• eine Geräte-ID Authentikation (Fig.7),
• ein Senden (Fig.8) von Frankierbildschlüsseln (IDAKey).

Subprocesses of operating a PIMD include:

• a device ID authentication ( Figure 7 )
• a send ( Figure 8 ) of franking picture keys (IDAKey).

The Fig. 4 shows as routine 400 a flowchart for initializing a PIMD. After the start of the PIMD initialization in step 401 and an entry of the device ID and a new password in the PIMD in step 402, a query for new passwords takes place in step 403. When entering a password via the keyboard of the franking device, for example, the new passwords are those that have been entered twice. When entering a password via the keyboard for the first time, a double entry of the passwords must be made. However, this is not intended to preclude repeated entry of identical passwords, nor a single entry of a password, wherein the franking device can recognize in another way that a routine 400 for initializing a PIMD should run. For example, at a first input, an input is made to the type of routine that is about to expire and a password input in a second input, or vice versa. Alternatively, other variants of the password input are possible than by hand, provided that the franking device has a correspondingly adapted interface. For example, the password input via Chip card, which requires that the franking device has a read / write unit for smart cards. Also, therefore, no double entry of the passwords must be made if it can be determined in another way whether it is intended to replace a previous one with a new current password.
Subsequently, in step 404, the password is processed by a process known per se (salt & hash process), already mentioned above in connection with Figure 3 was pointed out. In step 405, the new password is stored in a password key file in non-volatile memory 101. Following step 404, in step 406, a new encryption key IMDKey _{k is derived} from the new hash value formed in step 404. After deriving the new encryption key IMDKey _k in step 406, the new encryption key IMDKey _{k is} internally stored in the volatile memory 102 in a timed manner in step 407. In step 408 following step 406, a new communication key COMKey and franking image key IDAKey ₁ can now be generated. These two keys are encrypted in the following step 409 in the crypto driver 106 to data D _{k 1} , which are then stored internally volatile in the following step 410.
The franking image key IDAKey ₁ is a first key which is used to form an integrity check code M. The COMKey is a communication key for electronic communication with the operator data center . Encryption of the two slots COMKey and IDAKey ₁ is performed in step 409 by using the new encryption key IMDKey _k when encrypting according to one of the known encryption algorithms, for example according to the Avanced Encryption Standard (AES) algorithm according to formula (9): $$\mathit{AES}\left({\mathit{IMDKey}}_k,\left(\mathit{<figure-callout\; id="1"\; label="COMKey\; \; IDAKey"\; filenames="imgf0002.png,imgf0005.png"\; state="\{\{state\}\}">COMKey\; </figure-callout>}{\mathit{IDAKey}}_{}{\mathit{}}_1\right)\right)\to D_{k1}$$

After the internal storage of the data D _{k1 of} the encrypted key COMKey and IDAKey ₁ in step 410, the sub-process in step 411 follows Fig. 8 performed and the first franking key IDAKey ₁ sent. During the initialization of the franking device, in addition to the first franking picture key IDAKey ₁ , the device identifier g of the franking device and the key generation number i are also transmitted to the data center of the mail carrier. In subsequent step 412, the initialization of the PIMD is complete.

The operation of initializing a PIMD is one of the main processes and ends with the transmission of the generated first franking picture key IDAKey ₁ to the mail carrier via a secure communication protocol.

The mail carrier then registers the new franking device with its device identifier g, its first key generation number i and the associated franking image key IDAKey _i , which are used to form an integrity check code M. The first key generation number i preferably has the value 'one'.

The Fig. 5 shows as routine 500 a flowchart when changing a device password. Routine 500 of the PIMD causes the password to be changed, that is, to update the password of the PIMD. After the start of a change of the password in the first step 501 and an input of the device ID and the previous password in the PIMD in the second step 502, a verification of the authenticity of the device ID takes place in the third step 503. If the authentication of the device ID has failed, then a fourth step 504 is branched and the routine 500 ends. Otherwise, if the authenticity check of the device ID was successful, a branch is made to a sixth step 506 to query for new passwords. After entering a new password in the fifth step 505, a query for the newly entered password can be made in the sixth step 506. For example, in a manual input via the keyboard of the franking device in the fifth step 505, a new password can be entered twice and in the sixth step 506 is asked for such a double entry of a new password. Alternatively, it can be determined according to other criteria whether the input of a new password is intended.
The user can thus establish a new password by typing it twice identically. The postage meter may optionally recognize in another manner that a password-switching routine 500 is to occur. Alternatively, other variants of the password input are possible than by hand, which requires that the franking device has a correspondingly adapted interface. With the password input or alternatively by means of RFID card, magnetic card, chip card, mobile device (mobile phone, organizer), which can be communicatively connected via personal network (Bluetooth, USB, etc.) with the franking device, a misuse of the device identifier g of the sender franking device.
After the authentication of the device ID in the third step 503 and the query in the sixth step 506 was successful, a processing of the new password after the so-called salt & hash process in a seventh step 507 to a new hash value hash _{k +1} , The above process is identical to the first routine 201 for processing the data shown in FIG Figure 3 has already been explained or with the fourth step 404 of the routine 400, which according to the Figure 4 is going through.
After the salt & hash process in the seventh step 507, the new password is stored in a password and key file in an eighth step 508 and proceeded to the ninth step 509, to retrieve internally stored data D _k , the data being encrypted Keys included. The encrypted internal storage of the keys in the volatile memory 103 was carried out in the form of data D _k already before the routine 500 in step 410 (FIG. Figure 4 ) or 203 ( Fig. 3 ). The extracted data D _k are decrypted by means of the active internal key IMDKey _k to the two keys required in plain text. These are the secret franking image key IDAKey _k and the secret communication key COMKey or private communication key COMPubKey. Following the ninth step 509, in the tenth step 510, a new internal encryption key IMDKey _{k + 1 is derived} from the new hash value hash _{k + 1} , which was determined in the seventh step 507. In an eleventh step 511 following the tenth step 510, the required keys are re-encrypted by means of the new IMDKey _{k + 1} , whereby the required keys result from the decryption in the ninth step 509. The re-encryption takes place again, for example, according to the Advanced Encryption Standard (AES) algorithm according to the formula (10) to the new encrypted data D _{k +1} : $$\mathit{AES}\left({\mathit{IMDKey}}_{k+1},\left({\mathit{COMKey}}_k{\mathit{IDAKey}}_k\right)\right)\to D_{k+1}$$

In a twelfth step 512 following the eleventh step 511, an internal volatile storage of the new encrypted data D _{k +1} again takes place in the volatile memory 103. As a result of the tenth step 510, a timed internal volatile memory of the new one also takes place in a thirteenth step 513 internal encryption key IMDKey _{k + 1} in the volatile memory 102. Changing the password is complete in the fourteenth step 514.

The Fig. 6 shows as routine 600 a flowchart for calculating a franking imprint. The routine 600 for calculating a franking imprint belongs to the main processes. After the start of a processing of the data of a franking imprint in the first step 601, a query is made in the second step 602 as to whether a renewed authentication of the device ID is necessary because the timing of the storage of the IMDKey has taken place.
If this is the case, then - in a manner not shown - a message, for example via the display, which prompts the user of the franking device to enter the device ID and the password.
Subsequently, in the third step 603, an input of the device ID and the password takes place before, in the fourth step 604, a sub-process of operating a PIMD for authentication of the device ID expires. If authentication of the device ID is not possible, then a step 605 is reached and a message is displayed indicating that the authentication failed.
Otherwise, if the query in the second step 602 reveals that device ID re-authentication is unnecessary, or if the device ID authentication was successful in the fourth step 604, then a sixth step 606 is branched. In the sixth step 606, the data D _i encrypted internally in the volatile memory 103 are decrypted by means of the active IMDKey _i to form the plaintext keys . These are the secret franking image key IDAKey _i and the secret communication key COMKey _i or private communication key COMPubKey _i . Now, an integrity check code M is formed according to the aforementioned formula (1) or (2).
After input of franking data and image data in a seventh step 607, in an eighth step 608 processing of the franking data and image data together with the integrity check code M takes place in order to generate a unique franking imprint as a result of the routine 600. Following the eighth step 608, in a ninth step 609, the key generation number i for the current one Franking next following the franking increased by the value of one. After incrementing in the ninth step 609, in the following tenth step 610, a next encryption key IMDKey _{i is derived} , an encryption of the keys IDAKey _i and COMKey _i by means of the active IMDKey _i and an encrypted internal storage of the keys IDAKey _i and COMKey _i . In the further eleventh step 611, the clear keys and the encryption key are overwritten in the volatile memories 102 and 103. With a twelfth step 612, a message about the integrity of the check code can be output. At the thirteenth step 613, the routine 600 for calculating a franking imprint is completed.

The Fig. 7 As a first sub-routine 700, a flowchart for authenticating a device ID is shown. The sub-routine 700 is one of the sub-processes of operating a PIMD following in both main processes Fig. 5 and 6 as well as in the sub-process Fig. 8 is needed. The operation of the PIMD initiated by passing through the subroutine is started in the first step 701 and leads to the device ID authentication. After the start, in the second step 702 of the first subroutine 700, an input of the device ID and the password is made, and then, if the input is confirmed in the third step 703, a fourth step 704 of the first subroutine 700 is reached, to perform a salt & hash processing of the password. Subsequently, in the sixth step 706, a query is made as to whether a current hash value is equal to a hash value for the device ID. In the seventh step 707, a hash database with a list of device passwords and user names is accessed to locate the hash value for the device ID. If the query does not result in equality in the sixth step 706, then a branch is made to a fifth step 705 and a message is output that the authentication has failed.
Otherwise, a branch is made to an eighth step 708 for deriving an encryption key from the current hash value. The encryption key is stored internally in a timed manner until the Timing the storage of IMDKeys occurs (step 709). Thus, the tenth step 710 of the first sub-routine 700 is reached and the authentication is complete.

und ein Senden der Daten D1 des mit einem Kommunikationsschlüssels COMKey verschlüsselten Frankierbildschlüssels IDAKey ₁ und weiterer Parameter g und i, welche durch eine mathematische Funktion F miteinander verknüpft worden sind, wobei die mathematische Funktion F dem Datenzentrum des Postbeförderers bekannt ist.The Fig. 8 As a second sub-routine 800, a flowchart when sending a postage meter key of the PIMD to the data center of the mail carrier is shown. The sending of franking picture keys IDAKey belongs to the sub-processes of operating a PIMD. Based on the second sub-routine 800, the operation of transmitting an IDAKey of a PIMD is shown in more detail. This second subroutine is needed when a PIMD sends its IDAKey to the mail carrier at the end of its initialization. The sub-process of sending the key of a franking imprint is started in the first step 801 and reaches a second step 802 in order to query whether re-authentication is necessary due to the time-out of storage of the IDAKey . If so, then step 804 of the second subroutine may be branched. Assuming that an input (step 803) of the device ID and the password is made, the first sub-routine 700, ie, a sub-process, may - as shown Fig. 7 Expire for device ID authentication. Otherwise, a branch is made to the sixth step 806 of the second sub-routine 800 if no re-authentication is necessary because of the time-out of storage of the internal encryption key IMDKey . A renewed device ID authentication is thus bypassed, and in the sixth step 806 of the second subroutine 800, the data D is decrypted by means of the internal encryption key IMDKey to the clear keys COMKey and IDAKey ₁ . In the subsequent seventh step 807 of the second subroutine, the first franking picture key IDAKey _{1 is} encrypted and further parameters, such as at least the device identifier g of the franking device and the key generation number, are encrypted i , by means of the communication key COMKey according to the formula (11): $$\mathit{AES}\left(\mathit{COMKey}.F\left(Gi{\mathit{IDAKey}}_1\right)\right)\to D\mathit{1}$$

and sending the data D1 of the franking image key IDAKey ₁ encrypted with a communication key COMKey and other parameters g and i linked by a mathematical function F, the mathematical function F being known to the data center of the mail carrier.

The data D1 is transmitted to the data center of the mail carrier and received and decrypted there. The receipt of the franking image key IDAKey ₁ and further parameters g and i is confirmed.
In the eighth step 808 of the second sub-routine 800, receipt of the acknowledgment of receipt of the communication partner takes place. In the following ninth step 809 of the second subroutine 800, the plain keys COMKey and IDAKey ₁ are overwritten with random data. Thus, the sub-process of sending the first franking picture key IDAKey ₁ in the tenth step 810 of the second sub-routine 800 is completed.
Preferably, the first franking picture key IDAKey ₁ indirectly enters the data center 7 of the mail carrier via the data center 14 of the operator or manufacturer of the franking device. Alternatively, the data center 7 of the mail carrier is the direct communication partner.

In the aforementioned calculation routine 600, after the formation of a check code M in step 606 and after its processing in step 608, the next franking image key is derived in step 610. The sequence can also be reversed by first deriving the next franking image key and then a Forming a check code M and its processing is made. In the sequence of steps in a review of the franking data in the data center of course, a corresponding order must be selected so that after scanning the franking image or a marking of the mail piece in the generation of new franking picture keys again synchronicity is achieved.

The aforementioned password change routine 500, the query for a new password according to other criteria, as was shown in the embodiment. The entry of the new password itself can be done in other ways, as was shown in the embodiment.

The aforementioned routines can be adapted to the different postal regulations for the various countries and used analogously.

If in the aforementioned examples of mail pieces, letter envelopes or franking strips is spoken, then other forms of printed matter should not be excluded. Rather, all mailpieces are to be included, which can be provided by franking devices with a franking picture. The application of a franking impression should not exclude the application of a mark. The application of a franking impression should not be limited to printing on a postal item, but other forms of applying at least one franking impression or marking should not be excluded.

Other other embodiments of the invention may be devised, which are based on the same spirit of the invention and are covered by the appended claims.

Claims (21)

A franking method with central postage collection in the data center of a mail carrier , with generation of a first franking image key IDAKey ₁ during initialization of the franking device , with production of a franking image by means of the franking device, and with an evaluation of the franking image removed from the franking device, characterized by the steps: Transmitting the first franking- image key IDAKey ₁ for the remote evaluation of franking images to be checked on mailpieces, Calculation of a franking image before the production of a franking, wherein for each franking image a new franking image key is derived from a predecessor of the franking image key according to a first crypto algorithm and wherein an integrity check code M is generated based on the new franking image key, a key generation number i , a device identifier g of the franking device and based on a second crypto-algorithm with the franking image having at least the device identifier g of the franking device, the key generation number i and the integrity check code M , - Carrying and delivering mailpieces to a postal center of the mail carrier after franking, scanning and checking franking images at the mail carrier, wherein the integrity check code M is cryptographically verified by forming a compare integrity check code for comparison with the printed integrity check code and wherein central booking fees are recorded, which are billed to the sender of the postal items in a time-decoupled manner from the booking at the end of the billing period, and - error handling during testing. Method according to claim 1, characterized by the steps: Data transmission of at least one device identifier g of the franking device, a first key generation number i ₁ and the first key IDAKey ₁ to a remote data center of the mail carrier prior to the end of the initialization (400) of the franking device, and encrypted internal storage of the generated first franking picture key IDAKey ₁ in the volatile memory of the franking device,
or
Generating a franking image key IDAKey _i derived according to a first crypto algorithm and encrypted internal storage of the derived franking image key IDAKey _i , Recognition of a franking order by the franking device for a piece of mail to be printed and start of the calculation of a franking image with generation of an integrity check code M according to a second crypto algorithm, wherein the generating from the device identifier g of the franking device, the key generation number i and the first franking image key IDAKey ₁ or of a derived franking image key IDAKey _i , whereby the encrypted internally stored first franking image key or derived franking image key is decrypted by means of an encryption key IMDKey into a clear text key IDAKey ₁ or IDAKey _i , Processing the franking image data with the integrity check code M , Printing on the mail piece with a franking image which has a marking with at least the device identifier g of the franking device, the key generation number i and the integrity check code M , incrementally changing the key generation number i by a predetermined numerical value h, deriving the next franking picture key IDAKey _{i h} from the current key generation number i h, encrypting at least the next franking picture key IDAKey _{i h} and a communication key COMKey by means of the encryption key IMDKey and encrypted internal storage of the next franking picture key IDAKey _i ∓ _h and of the communication key COMKey and overwriting of the clear text keys COMKey and IDAKey _i ∓ _h and its predecessor IDAKey _i in the volatile memory of the franking device, Transporting the items of mail franked by the franking device to the mail center by the mail carrier; - delivering the item of mail in the mail center's mail center and scanning the franking picture and evaluating the scanned data by means of a test procedure in the data center of the mail carrier, wherein the scanned integrity check code M is cryptographically verified with a current key, - central postage collection in the data center of the mail carrier, if the authenticity of the integrity check code M is present, whereby a synchrony between franking device and data center is made or - Execution of an error handling routine when the authenticity of the integrity check code M has not been detected or a defective device identifier g of the franking device or faulty key generation number i is present. Method according to Claims 1 and 2, characterized in that the key generation number i is increased or reduced by the value h = 1 with each franking. Method according to claims 1 to 3, characterized in that, for a next key generation number i + 1, deriving the next franking picture key IDAKey _i + 1 from the current key generation number i and the current franking picture key IDAKey _i according to the first crypto-algorithm according to the formula: $${\mathit{IDAKey}}_{i+1}\leftarrow \mathit{hash}\left(i,{\mathit{IDAKey}}_i\right)\mathrm{,}$$

Method according to claims 1 to 4, characterized in that a hash-based message authentication code (HMAC) is used as the first crypto-algorithm. Method according to claims 1 to 5, characterized in that the generation of an integrity check code M according to a second crypto algorithm by means of a secret cryptographic franking image key IDAKey _{i of} the sender, the device identifier g of the franking device and their current key generation number i according to the formula: $$\mathit{M}\mathit{\leftarrow }\mathit{HMAC}\left({\mathit{IDAKey}}_i\left(G\Vert i\right)\right)$$

he follows. Method according to claims 1 to 5, characterized in that the generation of an integrity check code M according to a second crypto algorithm by means of a secret cryptographic franking image key IDAKey _{i of} the sender, the device identifier g of the franking device and their current key generation number i according to the formula: $$M=\mathit{HMAC}\left({\mathit{IDAKey}}_i.f\left(Gi{\mathit{IDAKey}}_{}\right)\right)$$

he follows. Method according to one of claims 1 to 6 or 7, characterized in that an evaluation of the scanned data by means of a test procedure in the data center of the mail carrier, a determination of the mathematical relationship of the sampled key generation number i ∓ x to the copy j of the last used key generation number, calculating a current franking image check key IDAKey _j ∓ h corresponding to the scanned franking image key, if the mathematical relationship equals a given mathematical relationship J = j + x x = h × z, where the value x of the change of the copy j of the last-used key generation number from the product of each step value h results in the number z of changes, and the mail piece is subjected to sorting and the scanned data is subjected to error handling; if the mathematical relationship does not correspond to the given mathematical relationship. A method according to claim 8, characterized in that the mail piece is returned to the sender if the mathematical relationship of the sampled key generation number i ∓ x to the copy j of the last used key generation number does not correspond to the predetermined mathematical relationship and if the sender of the mailpiece has been notified is and has agreed to a return. A method according to claim 8, characterized in that the mailpiece is transported to the recipient if the mathematical relationship of the sampled key generation number i ∓ x to the copy j of the last used key generation number does not correspond to the predetermined mathematical relationship and if the recipient of the mailpiece has been notified and has agreed to service. Method according to one of claims 1 to 10, characterized in that the further processing of sampled data at the mail carrier in a routine (300), which is a decoding (301) of the sampled data, a determination of the respective sender (302), a determination (303) the respective postage fee, a security check (304) of each franking and a central posting (306) of the postage to an account of the sender, and that a transport (4) and a delivery (5) of properly franked mail to the recipient or Separation of mail pieces in the mail center is carried out when the further processing of the scanned data in the routine (300) is not possible, wherein the determination of the respective sender (302) comprises a search for the device identifier g of the franking device in a database of the letter center or data center and for the associated copy j of the last used key generation number for which a correspondingly stored franking picture key exists, - the security check (304) of each franking image, a determination of the mathematical relationship of the sampled key generation number i ∓ x to the copy j of the last used key generation number and a cryptographic verification of the integrity check code M, wherein a franking image verification key IDAKey _J of the current subsequent franking image key IDAKey _i ∓ x of the franking device, generated according to the first crypto algorithm, the latter being used in accordance with the determination of the mathematical relationship z times, and franking image check key IDAKey _J together with the copy J of the currently used key generation number i ∓ x and with the device identifier g is used to form a compare integrity check code Mref according to the second crypto-algorithm. Method, according to claim 1, characterized in that the security of the device identifier g is guaranteed at least by a password input. A method according to claim 12, characterized in that before calculating a franking image, the input of the existing password and the device identifier g and its authenticity is retrieved when a predetermined period of time for storing the internal encryption key IMDKey _{k has} expired. A method according to claim 12, characterized in that prior to the calculation of a franking image, the existing password is changed as needed and before changing the existing password, the input of the existing password and the device identifier g and its authenticity is queried. A method according to claim 12, characterized in that the security of the device identifier is ensured by a combination of measures: a) password input via keyboard or alternatively by means of RFID card, magnetic card, chip card, mobile device (mobile phone, organizer) connected via personal network (Bluetooth, USB, etc.) on the franking device side, b) Authentication of the device identifier in each franking imprint on the mail carrier side in order to exclude the use of incorrect device identifications. c) One-time authentication of the device identifier in each franking imprint on the mail carrier side to reuse copied authentications of incorrect device identifications excluded. d) securing the communication connection at least to the operator data center by encryption. e) Management of separate user accounts by a per se known operating system of a personal computer in connection with the use of multi-user franking devices. A method according to claim 15, characterized in that via a secure communication connection, a generated first franking key IDAKey _{1 is} transmitted during an initialization of the franking device to the data center of an operator and then to the data center of the mail carrier. Mailing system with central postage collection, with a mail center and a data center of a mail carrier, a data center of an operator of a variety of franking devices, the mail carrier transports the mail pieces franked by the franking machine to the letter center and wherein each franking device via a communication connection via the network and via a communication link as needed in Contact with the operator data center, which registers the device ID of its users and offers additional services,
characterized by - that the franking contains a key generation means generates a new franking for every next franking - That means of communication are provided and a synchronicity between the franking device and the data center is established as needed via the communication connection, - That scanning means are provided in the letter center and first evaluation in the data center of a mail carrier, which are communicatively connected to each other, which determined by the first evaluation of the sender of the mail piece on a stored in a database assignment of the device identifier to a sender and the postage is determined by postage calculation means . in that the evaluation means in the data center include second means for security checking each scanned franking image which, when it is possible to establish synchronicity between the scanned key generation number and its calculated copy and between the secret cryptographic image key and the calculated franking image verification key, provides a comparison integrity check code in the data center calculate to cryptographically verify the scanned integrity check code, - that means for booking the postage for mail items of the same sender are provided for a separate account and for error handling in the data center of the mail carrier, the central postage collection is performed when the authenticity of the integrity check code is demonstrable. Mailing system according to claim 17, characterized in that the second means for checking security are programmed to determine the mathematical relationship of the sampled key generation number to the copy of the last used key generation number, wherein a franking image verification key corresponding to the current subsequent franking image key of the meter is generated according to the first crypto-algorithm, the latter being applied z times according to the determined mathematical relationship, and the franking image check key together with the copy of the currently used key generation number and with the device identifier to form a compare integrity check code after the second crypto Algorithm is used. Mailing system according to claim 17, characterized in that the further processing of scanned data takes place at the mail carrier in the mail center or in the data center of the mail carrier. Mailing system according to claim 17, characterized in that the key generating means of the franking device are programmed to perform a calculation using first and second crypto algorithms before franking, wherein for a first franking image a first integrity check code based on the second crypto Algorithm is generated, wherein for each subsequent franking image, a subsequent franking image key derived from a predecessor of the franking image key after the first crypto algorithm and an integrity check code is generated based on the subsequent franking image key, a key generation number, a device identifier of the franking device and based on the second crypto algorithm. Mailing system according to claims 17-19, characterized in that a non-volatile memory (101) for password storage at a lower level of the memory protection, a volatile memory (102) for timed storage of the internal encryption key IMDKey in an IMDKey file on a middle level of the memory protection and that a volatile memory (103) are provided for an encrypted internal volatile storage of data on an upper level of the memory protection, wherein the data in the volatile memory (103) the franking image key IDAKey and the communication key COMKey in encrypted form contain.

Images