System for protecting cryptographic processing and memory resources for postal franking machines

Info

Publication number: WO1998020461A2
Authority: WO
Grant status: Application
Prior art keywords: memory, psd, cryptographic, host, controller
Application number: PCT/US1997/015856
Other languages: French (fr)
Other versions: WO1998020461A3 (en)
Inventors: Robert Schwartz, George Brookner, Edward Naclerio
Original Assignee: Ascom Hasler Mailing Systems, Inc.
Priority date: 1996-11-07
Filing date: 1997-11-07
Publication date: 1998-05-14

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07B TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00 Franking apparatus
    • G07B17/00733 Cryptography or similar special procedures in a franking system
    • G07B2017/00959 Cryptographic modules, e.g. a PC encryption board
    • G07B2017/00967 PSD [Postal Security Device] as defined by the USPS [US Postal Service]
    • G07B17/00016 Relations between apparatus, e.g. franking machine at customer or apparatus at post office, in a franking system
    • G07B17/0008 Communication details outside or between apparatus
    • G07B2017/00153 Communication details outside or between apparatus for sending information
    • G07B2017/00177 Communication details outside or between apparatus for sending information from a portable device, e.g. a card or a PCMCIA
    • G07B17/00185 Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
    • G07B17/00193 Constructional details of apparatus in a franking system
    • G07B2017/00258 Electronic hardware aspects, e.g. type of circuits used
    • G07B17/00314 Communication within apparatus, personal computer [PC] system, or server, e.g. between printhead and central unit in a franking machine
    • G07B2017/00322 Communication between components/modules/parts, e.g. printer, printhead, keyboard, conveyor or central unit
    • G07B17/00362 Calculation or computing within apparatus, e.g. calculation of postage value
    • G07B2017/00395 Memory organization

Abstract

An improved system for protecting cryptographic processing and memory for postal franking machines. The appropriate cryptographic processing and memory resources are contained in a Postal Security Device (PSD) (5), which defines a cryptographic and physical boundary. Cryptographic processing (18) occurs inside the PSD, which protects these resources and thereby reduces the chance of a successful fraudulent attack on the system. The speed of the cryptographic processing is also increased. The PSD may take the form of an Application Specific Integrated Circuit (ASIC) or a Personal Computer Memory Card International Association (PCMCIA) Card.

Description

SYSTEM FOR PROTECTING CRYPTOGRAPHIC PROCESSING AND MEMORY RESOURCES FOR POSTAL FRANKING MACHINES

RELATED APPLICATIONS

This application claims priority from pending U.S. Provisional Application Serial Nos. 60/030,537, 60/050,043, and 60/054,105, filed on November 7, 1996, June 18, 1997, and July 29, 1997, respectively, which are hereby incorporated by reference.

TECHNICAL FIELD

This invention is directed to a system for protecting cryptographic processing and memory resources for postal franking machines.

BACKGROUND ART

In countries throughout the world, a postal customer may obtain postage from the postal authority in several ways, including the purchase of stamps and the use of a postage meter. When a postage meter is used, there is a security concern, since the meter is dispensing value; without sufficient security, that value could be stolen from the meter by unscrupulous parties. Concerns include use of the meter to dispense postage for which the Postal Authority has not been compensated, and use of the meter that was not authorized by its lawful operator.

These security concerns have always been present, even when a postage meter was essentially a purely mechanical letterpress. As the postage meter evolved through the 20th century to an electronic configuration, letter-press printing was implemented either as a rotary drum impressing an image onto a mailpiece or as a flat-bed approach pressing a mailpiece held on a platen assembly against a printing die. The postage meter is now taking on a new role of digitally printing postage, no longer requiring letter-press printing.

When a postage meter utilizes letter-press printing, security concerns are typically addressed, in part, by the physical attributes of the meter. Not only do the attributes of the meter (case material, etc.) provide protection against unauthorized use of the meter; they also provide a means to detect whether an attempt at unauthorized use has been made, evidenced by visible deliberate damage to the meter's case. With the evolution of the "meter," greater security against fraudulent attacks on the meter is needed. With the increasing availability of elaborate technologies and sophisticated hacking capabilities, Postal Authorities around the world, including the United States Postal Service, are concerned about the ability to defraud them by falsifying postal indicia, particularly when such indicia are digitally printed.

One approach which has been taken to increase the security of evolved meters is to apply cryptography to the creation and application of the postal indicia. For this approach to be an effective security measure, however, there must be sufficient physical security for the cryptographic processing and memory to prevent a successful fraudulent attack on the system. For this to be a commercially viable approach, cryptographic processing must also be performed in a timely manner.

DISCLOSURE OF THE INVENTION

In accordance with the present invention, there is provided a greatly improved system for protecting cryptographic processing and memory, which also results in faster cryptographic processing. According to the invention, the appropriate cryptographic processing and memory resources are contained in a Postal Security Device (PSD). The PSD provides physical security to these resources, thereby preventing a successful fraudulent attack on the system. The PSD may be in the form of an Application Specific Integrated Circuit (ASIC) and is preferably mounted on a portable device with an interface, such as a Personal Computer Memory Card International Association (PCMCIA) Compliant Card or another form factor capable of supporting the integrity of the PSD.

BRIEF DESCRIPTION OF DRAWINGS

Fig. 1 is a block diagram showing the basic functional makeup of the PSD cryptographic processor in the present invention.

Fig. 2 is a block diagram of the PCMCIA Card PSD of the present invention.

Fig. 3 is a block diagram showing the PSD of the present invention operating in secure high speed instruction cache operation.

MODES FOR CARRYING OUT THE INVENTION

Referring to Fig. 1, an ASIC embodiment of a PSD is shown generally at 5 and includes zeroizing circuitry 10, read-only memory 12, random-access memory 14, switching/control logic 16, a control cryptographic processor 18, non-volatile memory 20, crypto key retention 22, signature algorithm execution 24, random number generator 26, real time clock 28, interrupt control and porting 30, clock circuit 36, secure hash acceleration circuit 44, secure memory management unit 54, and host interface 42, all within a cryptographic boundary 34. The random number generator 26 provides a source of non-predictable random numbers, which systems employing cryptographic technology typically require. The real time clock 28 is an on-chip clock for secure time keeping. External to the ASIC PSD are a battery 32 for retaining memory contents in the absence of main power to the ASIC, and one or more crystals 37 which provide clock reference timing for the various subcircuits within the ASIC. Such a PSD contains, within its cryptographic boundary, the working memory, storage memory, and firmware necessary to execute cryptographic algorithms, including but not limited to DES and RSA encryption, as well as digital signature creation and validation. Information that must be retained, such as the Master Key, Public Key, Private Key, and the like, is secured within non-volatile or battery-backed memory of the PSD. Although the battery and crystals are outside the cryptographic boundary of the ASIC in this embodiment, these components can also be integrated into the same package as the ASIC silicon die.

The ASIC provides physical security to the data stored on it, as its circuits are inaccessible without destroying circuit operation. The secure data stored on the ASIC includes data encryption keys, which cannot be extracted or modified without destroying PSD operation. The encryption engine 24 is capable of receiving data and processing it by performing encryption or decryption operations. The individual components of the ASIC may also be integrated within a PCMCIA Card, or preferably the custom integrated circuit (ASIC) is itself embodied in a PCMCIA Card. The PCMCIA Card provides additional physical security through its housing for the processing unit responsible for the storage and accounting of all funds, audit data and secure support data required to produce and validate the addition and removal of postage value. Thus one of the preferred embodiments encloses the ASIC or its components in a PCMCIA Card.

More generally, the invention contemplates enclosing the ASIC or its components in any package having a relatively small form factor. For example, any form factor that is more or less pocket-sized, or that can be mailed in an envelope, will be convenient. Such a package must have a communications port capable of interfacing with the postal franking device and with a host, discussed below; preferably this is a parallel data and address bus such as is employed in a PCMCIA card. Alternatively the port could be a serial bus such as a high-speed universal serial bus. If the application does not require high speed, an infrared (LED-phototransistor) link may be used. The secure processing unit contains the working memory, storage memory, and firmware necessary to execute cryptographic algorithms within a cryptographic boundary, including but not limited to DES and RSA, as well as digital signature creation and validation. Information which must be retained, such as Master Keys, Public Keys, Private Keys, and the like, is secured within non-volatile or battery-backed memory.

The security of the PSD implemented in a PCMCIA Card is a combination of data integrity, authentication, non-repudiation, and confidentiality. Data integrity is realized through the use of cryptographic checksums (one-way hashes) over the data. This function produces a small value that represents the data such that it is computationally infeasible to find different data with the same hash value, and altering any single bit of the data changes the hash value unpredictably. The digital signature is obtained by performing a cryptographic operation with a private key on the resultant hash of the data. Authentication is realized by the fact that the receiving party can verify the digital signature on a transmission and be assured that the transmission originated from a trusted source and not from a fraudulent party. Non-repudiation is achieved by the fact that the originator of the message cannot deny the message contents, as the verifiable digital signature can be generated only with the originator's unique private key. Confidentiality is the use of encryption to protect the data from unauthorized disclosure.

To ensure operational security, the PSD cannot operate as a standalone device and requires a host system to perform its functions. The PSD typically communicates directly with a host system to carry out its primary objective of indicia creation. Additionally, through the host system a user can access the PSD to review the ascending and descending register values, piece count, watchdog timeout date, and refill history logs; activate PSD diagnostics; and, with proper supervisor authorization, set up and delete PINs for individual users. The PSD may also provide the user with certain operational error messages, such as a low-postage warning and a watchdog timeout condition, through the host user interface. The host system may also maintain certain log files; these log files are required to be signed by the PSD with its private key. The host system transfers the data to be signed to the PSD, and the PSD returns a digital signature and a certificate (which contains the public key unique to the PSD) that can be used later to verify the digital signature. The PSD supports input and output functions with appropriate interfacing devices compatible with the PSD physical, link layer, and application protocols. Due to the secure nature of the PSD, the device does not provide user accessible diagnostic features. Rather, the PSD has an extensive built-in self test suite which is run upon power up. The tests preferably include the normal code memory verification tests, RAM tests, verification of accounting register and data log integrity, and execution of sample cryptographic calculations with known results to verify full functionality of the PSD. Upon successful completion of these tests, the PSD is enabled to dispense postage funds. If any of the tests fail, the PSD outputs its current ascending and descending register values. The host may also obtain the same information via a device audit request message. This provides the host with additional information which may be forwarded to a Host infrastructure for the purposes of auditing the PSD. Upon receipt and verification of a Host infrastructure-generated device audit message, the PSD preferably resets its internal watchdog timer to accommodate control and transaction date information.
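The integrity, authentication and non-repudiation properties described in the two preceding paragraphs, worked through on a host log that a PSD signs with its private key and a host later verifies with the public key. This is an added example and not code from the patent or from Ascom Hasler; the patent names no specific signature scheme for the log files, so this uses textbook RSA over a SHA-256 digest with the Python standard library only. The 1024-bit key size, the padding-free RSA (not suitable for production; a real PSD would use a padded scheme such as PKCS#1), the log record format and the use of a bare public key in place of the certificate are all assumptions of this example.

```python
"""Added example (not part of the patent): hash-then-sign of a host log file by a
PSD, verification by the host, and what happens when a single bit of the log
changes or a different PSD's key is used.  Standard library only; the RSA here is
the textbook scheme without padding, for illustration of the flow, not for use."""
import hashlib
import random


def _is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin probabilistic primality test (adequate for a demo key)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, rng):
    """Random odd number with the top bit set, retried until it passes Miller-Rabin."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand


class PSD:
    """Models the cryptographic boundary: the private exponent is created and
    kept inside this object and the only operation exposed is sign()."""

    def __init__(self, bits=1024, seed=None):
        # seed is only for reproducible demos; a real device uses its RNG 26
        rng = random.Random(seed) if seed is not None else random.SystemRandom()
        e = 65537
        while True:
            p = _random_prime(bits // 2, rng)
            q = _random_prime(bits // 2, rng)
            phi = (p - 1) * (q - 1)
            if p != q and phi % e:          # e is prime, so this is gcd(e, phi) == 1
                break
        self._n = p * q
        self._d = pow(e, -1, phi)           # private exponent: never leaves the PSD
        self.public_key = (self._n, e)      # what the PSD's certificate would carry

    def sign(self, data: bytes) -> int:
        """Hash the data, then apply the private-key operation to the digest."""
        h = int.from_bytes(hashlib.sha256(data).digest(), "big")
        return pow(h, self._d, self._n)


def verify(public_key, data: bytes, signature: int) -> bool:
    """Host side: recompute the digest and compare with the public-key operation."""
    n, e = public_key
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(signature, e, n) == h


def flip_bit(data: bytes, bit_index: int) -> bytes:
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def demo():
    # Constructed sample host log; not a real PSD log format.
    log = b"\n".join([
        b"1997-11-07T10:15:00 REFILL descending+=50000 ascending=1234567",
        b"1997-11-07T10:16:30 INDICIUM piece=4402 value=32 descending=49968",
    ])
    psd = PSD(seed=1)
    sig = psd.sign(log)
    tampered = flip_bit(log, len(log) * 8 - 1)       # one bit in the last byte
    h0 = hashlib.sha256(log).hexdigest()
    h1 = hashlib.sha256(tampered).hexdigest()
    return {
        "valid": verify(psd.public_key, log, sig),
        "tampered_valid": verify(psd.public_key, tampered, sig),
        "hex_digits_changed": sum(a != b for a, b in zip(h0, h1)),  # of 64
    }


if __name__ == "__main__":
    print(demo())
```

The host keeps only the signature and the public key; because the private exponent exists only inside the PSD object, a valid signature is evidence that this PSD produced it, which is the non-repudiation property the text describes. Flipping a single bit of the log changes most of the 64 hex digits of the digest and the signature no longer verifies.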

It is understood by one skilled in the art that the PSD of the present invention need not be physically located with the postal franking device; it need only be in communication with the postal franking device. For example, it may be located on the host or on a computer network. In the instance of the PSD comprising a PCMCIA Card, the PSD may be connected to the franking device for operation and then disconnected and connected to the host, through a standard PCMCIA slot, for creation of the log files, etc. Referring now to Fig. 2, a block diagram of the PCMCIA Card PSD embodiment interfacing with a host controller is shown, including host controller 64, timeout circuit 66, memory arbiter 68, controller 70, and memory 72. It is envisioned that a number of forms of attack can be executed against the PCMCIA Card PSD in which an attacker attempts to obtain additional data from the PSD, or otherwise compromise its integrity, by holding the bus for an excessive period of time. Timeout circuit 66 operates to limit the amount of time host controller 64 may take to complete a bus transaction, and terminates a host-initiated bus transaction if the transaction exceeds a predetermined time limit.

When host controller 64 wishes to access the PSD implemented in a PCMCIA Card, it waits until ready signal 74 is asserted and then asserts select signal 76. This signal is input to timeout circuit 66, which starts a predetermined timeout interval. Host controller 64 then initiates a read or write cycle by asserting the appropriate read and write signals and setting up the address and data busses accordingly.

Timeout circuit 66 provides a separate select signal 78 to memory arbiter 68, which is effectively a dual port memory controller containing logic that defines the conditions under which controller 70 and host controller 64 have access to memory 72. When host controller 64 has access to memory 72, arbiter 68 asserts a hold signal 80 to controller 70, which tells controller 70 to temporarily hold off any further accesses of memory 72. Under these circumstances, controller 70 is typically idle unless it is performing an internal operation not requiring an external memory access. Arbiter 68 allows read and write signals 82 and 84, as well as address and data busses 86 and 88, to pass on to memory 72. Following a successful bus transaction, host controller 64 deasserts select signal 76 to timeout circuit 66 to indicate the normal end of the bus transfer. Timeout circuit 66 likewise deasserts select signal 78 to arbiter 68, which removes the host controller's signal levels from the read, write, address and data busses (82, 84, 86 and 88) to memory 72 and signals controller 70 that it can again access memory 72 by deasserting hold signal 80.

If host controller 64 takes too long to complete the bus access, timeout circuit 66 deasserts ready signal 74 to the host controller and select signal 78 to arbiter 68. This causes arbiter 68 to remove host controller 64's read (82), write (84), address (86) and data (88) signals from memory 72. Hold signal 80 is released so that controller 70 can again access memory 72. Alternatively, timeout circuit 66 could also signal controller 70 that the fault occurred by asserting interrupt signal 90 to that device. Logic in the software of controller 70 could then be invoked to categorize the problem as either a random fault or an attempt to compromise the PSD. If controller 70 determines that tampering has been attempted, it would refuse further accesses by host controller 64 and force the customer to report the situation to the manufacturer, for example remotely through a telephone call or other network communication, or by returning the device.

A preferred embodiment of the PSD implemented on a PCMCIA Card would restrict the area in memory 72 that host controller 64 can access. For example, access to a region can be limited to no access, read-only, write-only, read-write, etc., and the address range in memory 72 visible to the host can be restricted to a subset of that available to controller 70. In this manner, controller 70 can hide certain information, such as its most critical security parameters, from both observation and overwriting.

Host interface 42 incorporates timeout circuit 66, PCMCIA memory arbiter 68, and PSD controller 70. Controller 70 corresponds to crypto processor 18 in Fig. 1. Timeout circuit 66 and arbiter 68 would thus preferably be incorporated into the PSD ASIC, but may instead be added as discrete circuits on the PCMCIA card.
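A software model of the Fig. 2 host interface, so that the bus timeout, the arbiter's removal of host signals, the random-fault versus tampering decision in controller 70 and the per-region access restriction of memory 72 described in the preceding paragraphs can be exercised together. This is an added example, not code or a circuit description from the patent. Signal names follow the text (select 76, ready 74, hold 80, interrupt 90); the timeout length, the region map, the permission names and the "second timeout means tampering" policy are assumptions of this model, as is the constructed memory content.

```python
"""Added example (not part of the patent): cycle-count model of timeout circuit 66,
memory arbiter 68 and the host-visible region map of memory 72.  A host bus
transaction is one call; cycles_held is how long the host keeps select 76 asserted."""
from dataclasses import dataclass, field
from enum import Enum


class Access(Enum):
    NONE = 0
    READ_ONLY = 1
    WRITE_ONLY = 2
    READ_WRITE = 3


@dataclass
class Region:
    start: int
    end: int          # exclusive
    access: Access    # what the host may do; controller 70 always has full access


@dataclass
class HostInterface:
    memory: bytearray
    regions: list                  # host-visible map; unmapped addresses are NONE
    timeout_cycles: int = 8        # predetermined reference time (assumed)
    tamper_threshold: int = 2      # timeouts before tampering is assumed (assumed)
    timeouts: int = 0
    locked_out: bool = False
    log: list = field(default_factory=list)

    def _host_allowed(self, addr, write):
        for r in self.regions:
            if r.start <= addr < r.end:
                if write:
                    return r.access in (Access.WRITE_ONLY, Access.READ_WRITE)
                return r.access in (Access.READ_ONLY, Access.READ_WRITE)
        return False

    def host_transaction(self, addr, write=False, value=None, cycles_held=1):
        """One host bus transaction.  Returns the byte read (or None) and how the
        timeout circuit / arbiter / controller reacted."""
        if write and value is None:
            raise ValueError("a write transaction needs a value")
        if self.locked_out:
            self.log.append("select 76 ignored: PSD locked after suspected tampering")
            return {"ready": False, "data": None, "fault": "locked_out"}
        # select 76 asserted: timeout counter starts, arbiter 68 asserts hold 80
        if cycles_held > self.timeout_cycles:
            # timeout circuit 66 deasserts ready 74 and select 78; arbiter drops the
            # host's read/write/address/data signals before anything reaches memory 72,
            # and interrupt 90 lets controller 70 classify the event
            self.timeouts += 1
            self.log.append(f"timeout after {self.timeout_cycles} cycles at {addr:#06x}")
            fault = "random_fault"
            if self.timeouts >= self.tamper_threshold:
                self.locked_out = True
                fault = "tamper_suspected"
                self.log.append("controller 70: refusing further host accesses")
            return {"ready": False, "data": None, "fault": fault}
        if not self._host_allowed(addr, write):
            self.log.append(f"access denied at {addr:#06x} write={write}")
            return {"ready": True, "data": None, "fault": "access_denied"}
        data = None
        if write:
            self.memory[addr] = value & 0xFF
        else:
            data = self.memory[addr]
        # normal end: host drops select 76, arbiter releases hold 80 to controller 70
        return {"ready": True, "data": data, "fault": None}


def demo():
    mem = bytearray(0x100)
    mem[0x00:0x08] = b"ASCEND00"            # register area, host read-only (constructed)
    mem[0x80:0x90] = b"MASTERKEY-SECRET"    # critical security parameter, hidden from host
    psd = HostInterface(mem, regions=[Region(0x00, 0x20, Access.READ_ONLY),
                                      Region(0x20, 0x40, Access.READ_WRITE)])
    results = {
        "read_register": psd.host_transaction(0x00),
        "write_register": psd.host_transaction(0x00, write=True, value=0x5A),
        "read_key": psd.host_transaction(0x80),
        "write_log": psd.host_transaction(0x20, write=True, value=0x7A),
        "slow_write": psd.host_transaction(0x21, write=True, value=0xFF, cycles_held=50),
        "slow_read": psd.host_transaction(0x00, cycles_held=50),
        "after_lockout": psd.host_transaction(0x00),
    }
    results["log_byte"] = mem[0x20]
    results["slow_write_blocked"] = mem[0x21] == 0
    results["key_intact"] = bytes(mem[0x80:0x90]) == b"MASTERKEY-SECRET"
    results["register_intact"] = bytes(mem[0x00:0x08]) == b"ASCEND00"
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Two points the model makes explicit: the timeout decision is taken before any data reaches memory 72, so a write held on the bus past the limit leaves memory unchanged, and the region map is enforced independently of the timeout, so the key area is unreadable by the host even in a well-formed transaction.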

The PSD of the present invention may be used with existing public/private key cryptographic techniques known in the art. See, for example, U.S. Patent Nos. 5,237,506, 5,606,507 and 5,666,284, which are hereby incorporated by reference. The speed with which such encryption is performed, however, may be increased by the use within the PSD of a Secure Memory Management Unit 96 (SMMU). Preferably, this is obtained from Atalla Corp., of San Jose, California, which is a Tandem Company, and VLSI Technology, of San Jose, California.

As shown in Fig. 3, memory 98 external to the PSD contains encrypted code. SMMU 96 (also 54 in Fig. 1) obtains the encrypted code 100 in portions to be processed by encryption engine 104, in such a manner that it acts as a feed for encryption engine 104. The encryption engine 104 utilizes the appropriate decryption key provided to it by the SMMU 96. This decryption key is securely stored in the PSD ASIC and is never output, and so is never known to a potential attacker. The decrypted output from encryption engine 104 is then placed into RAM 106 (also 14 in Fig. 1). Fig. 3 shows the output of RAM 106 going to processor 108 (also 18 in Fig. 1). Thus, Fig. 3 depicts secure high speed instruction cache operation. The overall benefit of the SMMU is that a would-be attacker cannot substitute software instructions into the code to alter its intended functionality, since the code is only ever present in plaintext inside the cryptographic boundary; such a substitution could otherwise give the attacker access to the master, private, or public keys held within the PSD ASIC.
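A software model of the Fig. 3 secure high speed instruction cache: encrypted code pages in external memory 98, fetched one page at a time by the SMMU, decrypted with a key that never leaves the PSD object, and placed in RAM 106 for processor 108. This is an added example and not code from the patent. The patent names no algorithm for this path; the model uses HMAC-SHA256 as a counter-mode keystream with a per-page authentication tag (encrypt-then-MAC), standard library only. The tag goes beyond what the text describes: encryption alone turns a substituted page into garbage instructions, whereas the tag lets the SMMU refuse the page outright. Page size, key derivation, the tag length and the constructed "code" bytes are assumptions.

```python
"""Added example (not part of the patent): model of SMMU 96 feeding encryption
engine 104 from external memory 98 and caching plaintext in RAM 106.  The cipher
and per-page tag are an assumed construction, not the one used in the device."""
import hashlib
import hmac

PAGE_SIZE = 16   # bytes per fetched portion (assumed)


def _keystream(key: bytes, page_no: int, length: int) -> bytes:
    """Counter-mode keystream: HMAC(key, page_no || counter) blocks, concatenated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = page_no.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _tag(mac_key: bytes, page_no: int, ciphertext: bytes) -> bytes:
    """Authentication tag over page number and ciphertext (encrypt-then-MAC)."""
    return hmac.new(mac_key, page_no.to_bytes(4, "big") + ciphertext, hashlib.sha256).digest()[:16]


def encrypt_code_image(enc_key: bytes, mac_key: bytes, code: bytes) -> list:
    """Provisioning step: split code into pages and return the [(ciphertext, tag), ...]
    image that is loaded into external memory 98."""
    padded = code + b"\x00" * (-len(code) % PAGE_SIZE)
    pages = []
    for i in range(0, len(padded), PAGE_SIZE):
        page_no = i // PAGE_SIZE
        pt = padded[i:i + PAGE_SIZE]
        ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, page_no, PAGE_SIZE)))
        pages.append((ct, _tag(mac_key, page_no, ct)))
    return pages


class SecureMMU:
    def __init__(self, enc_key: bytes, mac_key: bytes, external_memory: list):
        self.__enc_key = enc_key        # inside the ASIC: no method ever returns it
        self.__mac_key = mac_key
        self.external = external_memory  # memory 98: reachable by an attacker
        self.ram = {}                    # RAM 106: decrypted page cache
        self.fetches = 0

    def fetch(self, addr: int) -> int:
        """Processor 108 reads one code byte; on a cache miss the SMMU pulls the
        encrypted page, checks its tag, decrypts it and fills RAM 106."""
        page_no, offset = divmod(addr, PAGE_SIZE)
        if page_no not in self.ram:
            ct, tag = self.external[page_no]
            if not hmac.compare_digest(tag, _tag(self.__mac_key, page_no, ct)):
                raise ValueError(f"page {page_no}: tag mismatch, code substituted or corrupted")
            ks = _keystream(self.__enc_key, page_no, PAGE_SIZE)
            self.ram[page_no] = bytes(a ^ b for a, b in zip(ct, ks))
            self.fetches += 1
        return self.ram[page_no][offset]


def demo():
    enc_key, mac_key = b"E" * 32, b"M" * 32     # constructed demo keys
    # constructed stand-in for firmware bytes; not a real instruction set
    code = b"LOAD R1,ASCEND; ADD R1,VALUE; STORE R1,ASCEND; SIGN;"
    external = encrypt_code_image(enc_key, mac_key, code)
    mmu = SecureMMU(enc_key, mac_key, external)
    executed = bytes(mmu.fetch(a) for a in range(len(code)))
    # attacker flips one bit of encrypted page 1 in external memory 98
    ct, tag = external[1]
    external[1] = (bytes([ct[0] ^ 0x01]) + ct[1:], tag)
    fresh = SecureMMU(enc_key, mac_key, external)   # cold cache, as after a power cycle
    try:
        fresh.fetch(PAGE_SIZE)                      # first byte of page 1
        detected = False
    except ValueError:
        detected = True
    return {
        "plaintext_matches": executed == code,
        "pages_fetched": mmu.fetches,
        "substitution_detected": detected,
        "ciphertext_is_code": external[0][0] == code[:PAGE_SIZE],
    }


if __name__ == "__main__":
    print(demo())
```

The cache behaviour the text calls "secure high speed instruction cache operation" shows up as one decryption per page rather than per byte (four fetches for a 52-byte image), and the keys are attributes of the SMMU object only; external memory holds nothing an attacker can read as code or rewrite without the tag check failing.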

While there have been described what are believed to be the preferred embodiments of the invention, those skilled in the art will recognize that other and further modifications may be made thereto without departing from the invention and it is intended to claim all such changes and modifications as fully within the scope of the invention.

Claims

WE CLAIM:
1. A system for increasing the security and efficiency of cryptographic processing resources for postal franking machines, comprising:
(a) an encryption engine;
(b) means for obtaining encrypted code in portions to be processed by the encryption engine;
(c) random access memory;
(d) means for placing decrypted output from the encryption engine into the random access memory.
2. A method for increasing the security and efficiency of cryptographic processing resources for postal franking machines, comprising:
(a) obtaining encrypted code in portions to be processed by an encryption engine;
(b) placing decrypted output from the encryption engine into random access memory.
3. A system for protecting cryptographic processing and memory resources for postal franking machines, comprising:
(a) (1) zeroizing circuitry, (2) read only memory, (3) random access memory, (4) a clock circuit, (5) non-volatile memory, (6) central cryptographic processor, (7) logic for addressing and data flow, (8) crypto key retention, (9) signature algorithm execution, (10) random number generator, (11) interrupt control and porting, (12) real time calendar clocking and watch-dog timer, (13) hash algorithm, (14) secure memory management unit, and (15) host interface, all disposed within a PCMCIA Card;
(b) means disposed within the PCMCIA Card for monitoring the amount of time a host controller is taking to complete a bus transaction;
(c) means disposed within the PCMCIA Card for comparing the monitored amount of time to a predetermined reference time;
(d) means disposed within the PCMCIA Card for refusing to permit completion of the bus transaction if the monitored amount of time exceeds the predetermined reference time;
(e) an encryption engine disposed within the PCMCIA Card;
(f) means for obtaining encrypted code in portions to be processed by the encryption engine;
(g) random access memory disposed within the PCMCIA Card;
(h) means for placing decrypted output from the encryption engine into the random access memory.
4. A system for protecting cryptographic processing and memory resources for postal franking machines, comprising:
(a) (1) zeroizing circuitry, (2) read only memory, (3) random access memory, (4) a clock circuit, (5) non-volatile memory, (6) central cryptographic processor, (7) logic for addressing and data flow, (8) crypto key retention, (9) signature algorithm execution, (10) random number generator, (11) interrupt control and porting, (12) real time calendar clocking and watch-dog timer, (13) hash algorithm, (14) secure memory management unit, and (15) host interface, all disposed within a PCMCIA Card;
(b) means disposed within the PCMCIA Card for monitoring the amount of time a host controller is taking to complete a bus transaction;
(c) means disposed within the PCMCIA Card for comparing the monitored amount of time to a predetermined reference time;
(d) means disposed within the PCMCIA Card for refusing to permit completion of the bus transaction if the monitored amount of time exceeds the predetermined reference time.
5. A system for protecting cryptographic processing and memory resources for postal franking machines, comprising an Application Specific Integrated Circuit having (1) zeroizing circuitry, (2) read only memory, (3) random access memory, (4) a clock circuit, (5) non-volatile memory, (6) central cryptographic processor, (7) logic for addressing and data flow, (8) crypto key retention, (9) signature algorithm execution, (10) random number generator, (11) interrupt control and porting, (12) real time calendar clocking and watch-dog timer, (13) hash algorithm, (14) secure memory management unit, and (15) host interface.
6. A system for protecting cryptographic processing and memory resources for postal franking machines, comprising:
(a) an Application Specific Integrated Circuit having (1) zeroizing circuitry, (2) read only memory, (3) random access memory, (4) a clock circuit, (5) nonvolatile memory, (6) central cryptographic processor, (7) logic for addressing and data flow, (8) crypto key retention, (9) signature algorithm execution, (10) random number generator, (11) interrupt control and porting, (12) real time calendar clocking and watch-dog timer, (13) hash algorithm, (14) secure memory management unit, and (15) host interface;
(b) said Application Specific Integrated Circuit being disposed within a Personal Computer Memory Card International Association card.
7. A method for protecting cryptographic processing and memory resources for postal franking machines, comprising locating the resources to be protected within an Application Specific Integrated Circuit.
8. A system for protecting cryptographic processing and memory resources for postal franking machines, comprising (1) zeroizing circuitry, (2) read only memory, (3) random access memory, (4) a clock circuit, (5) non-volatile memory, (6) central cryptographic processor, (7) logic for addressing and data flow, (8) crypto key retention, (9) signature algorithm execution, (10) random number generator, (11) interrupt control and porting, (12) real time calendar clocking and watch-dog timer, (13) hash algorithm, (14) secure memory management unit, and (15) host interface, all disposed within a PCMCIA Card.
9. A method for protecting cryptographic processing and memory resources for postal franking machines, comprising locating the resources to be protected within a PCMCIA Card.
10. A method for protecting cryptographic processing and memory resources for postal franking machines disposed within PCMCIA Card, comprising:
(a) monitoring the amount of time a host controller is taking to complete a bus transaction;
(b) comparing the monitored amount of time to a predetermined reference time;
(c) refusing to permit completion of the bus transaction if the monitored amount of time exceeds the predetermined reference time.
11. A system for protecting cryptographic processing and memory resources for postal franking machines, comprising:
(a) an Application Specific Integrated Circuit having (1) zeroizing circuitry, (2) read only memory, (3) random access memory, (4) a clock circuit, (5) non-volatile memory, (6) central cryptographic processor, (7) logic for addressing and data flow, (8) crypto key retention, (9) signature algorithm execution,
(10) random number generator, (11) interrupt control and porting, (12) real time calendar clocking and watch-dog timer, (13) hash algorithm, (14) secure memory management unit, and (15) host interface;
(b) an encryption engine disposed within the PCMCIA Card;
(c) means for obtaining encrypted code in portions to be processed by the encryption engine;
(d) random access memory disposed within the PCMCIA Card;
(e) means for placing decrypted output from the encryption engine into the random access memory.

Priority Applications (6)

Application Number   Priority Date   Filing Date
US3053796            1996-11-07      1996-11-07
US60/030,537         1996-11-07
US5004397            1997-06-18      1997-06-18
US60/050,043         1997-06-18
US5410597            1997-07-29      1997-07-29
US60/054,105         1997-07-29

Applications Claiming Priority (5)

Application Number   Publication         Priority Date   Filing Date   Title
US09297784           US6986053B1 (en)    1996-11-07      1997-11-07    System for protecting cryptographic processing and memory resources for postal franking machines
CA 2271097           CA2271097A1 (en)    1996-11-07      1997-11-07    System for protecting cryptographic processing and memory resources for postal franking machines
DE1997636246         DE69736246D1 (en)   1996-11-07      1997-11-07    Device for secure cryptographic processing and protection of memory resources for franking machines
EP19970947255        EP0958674B1 (en)    1996-11-07      1997-11-07    System for protecting cryptographic processing and memory resources for postal franking machines
DE1997636246         DE69736246T2 (en)   1996-11-07      1997-11-07    Device for secure cryptographic processing and protection of memory resources for franking machines

Publications (2)

Publication Number     Publication Date
WO1998020461A2 (en)    1998-05-14
WO1998020461A3 (en)    1998-10-08

Family

ID=27363669

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1997/015856 WO1998020461A3 (en) 1996-11-07 1997-11-07 System for protecting cryptographic processing and memory resources for postal franking machines

Country Status (4)

Country Link
CA (1) CA2271097A1 (en)
DE (2) DE69736246D1 (en)
EP (1) EP0958674B1 (en)
WO (1) WO1998020461A3 (en)

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000049580A1 (en) * 1999-02-16 2000-08-24 Neopost, Inc. Postage metering system
EP1022683A3 (en) * 1998-12-21 2000-11-08 Pitney Bowes Inc. System and method for suppressing conducted emissions by a cryptographic device
EP1035516A3 (en) * 1999-03-12 2000-12-20 Francotyp-Postalia AG & Co. Arrangement for a security module
EP1035513A3 (en) * 1999-03-12 2000-12-20 Francotyp-Postalia Aktiengesellschaft & Co. Security module with status signalization
EP1035517A3 (en) * 1999-03-12 2000-12-20 Francotyp-Postalia Aktiengesellschaft & Co. Method for the protection of a security module and arrangement for implementing said method
EP1035518A3 (en) * 1999-03-12 2000-12-20 Francotyp-Postalia Aktiengesellschaft & Co. Method for the protection of a security module and arrangement for implementing said method
GB2363868A (en) * 2000-06-19 2002-01-09 Pitney Bowes Ltd Generation of authentication codes for a postage meter by use of a smart card
US6381589B1 (en) 1999-02-16 2002-04-30 Neopost Inc. Method and apparatus for performing secure processing of postal data
DE10056989A1 (en) * 2000-11-17 2002-05-23 Secware Technologies Ag Application-specific integrated circuit for encoding and decoding data streams has PCMCIA interface connectable to card storing key information
EP1271968A2 (en) * 2001-06-26 2003-01-02 Alcatel S.A. Distributed scalable storage fabric architecture using network interfacing for data input
US6523013B2 (en) 1998-07-24 2003-02-18 Neopost, Inc. Method and apparatus for performing automated fraud reporting
US6523014B1 (en) * 1998-03-18 2003-02-18 Francotyp-Postalia Ag & Co. Franking unit and method for generating valid data for franking imprints
US6591251B1 (en) 1998-07-22 2003-07-08 Neopost Inc. Method, apparatus, and code for maintaining secure postage data
EP1278164A3 (en) * 2001-07-16 2004-01-14 Francotyp-Postalia AG & Co. System and method for changing the functionality of a security module
EP1386249A2 (en) * 2001-02-23 2004-02-04 Ascom Hasler Mailing Systems, Inc. Removable data carrier
US6766308B2 (en) 1998-07-24 2004-07-20 Neopost Industrie S.A. Method and apparatus for placing automated calls for postage meter and base
US6766455B1 (en) 1999-12-09 2004-07-20 Pitney Bowes Inc. System and method for preventing differential power analysis attacks (DPA) on a cryptographic device
US6938018B2 (en) 1995-11-22 2005-08-30 Neopost Inc. Method and apparatus for a modular postage accounting system
EP1570398A2 (en) * 2002-11-26 2005-09-07 Neopost Industrie Sa Metering funds debit and credit for multi use
US7028014B1 (en) * 1998-03-18 2006-04-11 Ascom Hasler Mailing Systems Tamper resistant postal security device with long battery life
US7069253B2 (en) 2002-09-26 2006-06-27 Neopost Inc. Techniques for tracking mailpieces and accounting for postage payment
US7085725B1 (en) 2000-07-07 2006-08-01 Neopost Inc. Methods of distributing postage label sheets with security features
US7194957B1 (en) 1999-11-10 2007-03-27 Neopost Inc. System and method of printing labels

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4743747A (en) * 1985-08-06 1988-05-10 Pitney Bowes Inc. Postage and mailing information applying system
US5218638A (en) * 1990-12-07 1993-06-08 Hitachi Ltd. Encipher method and decipher method
US5343025A (en) * 1992-01-07 1994-08-30 Tokyo Electric Co., Ltd. Check-out device with activity sensor terminating article input
US5389738A (en) * 1992-05-04 1995-02-14 Motorola, Inc. Tamperproof arrangement for an integrated circuit device
US5457746A (en) * 1993-09-14 1995-10-10 Spyrus, Inc. System and method for access control for portable data storage media
US5517184A (en) * 1991-06-21 1996-05-14 C & M Technology, Inc. Electronic combination lock with high security features
US5590198A (en) * 1995-12-19 1996-12-31 Pitney Bowes Inc. Open metering system with super password vault access
US5688056A (en) * 1993-06-17 1997-11-18 Gemplus Card International Method for controlling a printer in order to obtain postages

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4814591A (en) * 1987-04-13 1989-03-21 Kabushiki Kaisha Toshiba Portable medium
GB8804689D0 (en) * 1988-02-29 1988-03-30 Alcatel Business Systems Franking system
NL9101594A (en) * 1991-09-20 1993-04-16 Tres Automatisering B V Computer system security.
US5448641A (en) * 1993-10-08 1995-09-05 Pitney Bowes Inc. Postal rating system with verifiable integrity
US5682427A (en) * 1994-12-15 1997-10-28 Pitney Bowes Inc. Postage metering system with dedicated and non-dedicated postage printing means
US5602921A (en) * 1994-12-15 1997-02-11 Pitney Bowes Inc. Postage accounting system including means for transmitting ASCII encoded variable information for driving an external printer
US5535279A (en) * 1994-12-15 1996-07-09 Pitney Bowes Inc. Postage accounting system including means for transmitting a bit-mapped image of variable information for driving an external printer

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP0958674A2 *

Cited By (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6938018B2 (en) 1995-11-22 2005-08-30 Neopost Inc. Method and apparatus for a modular postage accounting system
US6424954B1 (en) 1998-02-17 2002-07-23 Neopost Inc. Postage metering system
US6523014B1 (en) * 1998-03-18 2003-02-18 Francotyp-Postalia Ag & Co. Franking unit and method for generating valid data for franking imprints
US7028014B1 (en) * 1998-03-18 2006-04-11 Ascom Hasler Mailing Systems Tamper resistant postal security device with long battery life
US6701304B2 (en) 1998-07-22 2004-03-02 Neopost Inc. Method and apparatus for postage label authentication
US6591251B1 (en) 1998-07-22 2003-07-08 Neopost Inc. Method, apparatus, and code for maintaining secure postage data
US6766308B2 (en) 1998-07-24 2004-07-20 Neopost Industrie S.A. Method and apparatus for placing automated calls for postage meter and base
US6523013B2 (en) 1998-07-24 2003-02-18 Neopost, Inc. Method and apparatus for performing automated fraud reporting
EP1022683A3 (en) * 1998-12-21 2000-11-08 Pitney Bowes Inc. System and method for suppressing conducted emissions by a cryptographic device
US6594760B1 (en) 1998-12-21 2003-07-15 Pitney Bowes Inc. System and method for suppressing conducted emissions by a cryptographic device
US6748535B1 (en) 1998-12-21 2004-06-08 Pitney Bowes Inc. System and method for suppressing conducted emissions by a cryptographic device comprising an integrated circuit
US6381589B1 (en) 1999-02-16 2002-04-30 Neopost Inc. Method and apparatus for performing secure processing of postal data
US6816844B2 (en) 1999-02-16 2004-11-09 Neopost Inc. Method and apparatus for performing secure processing of postal data
WO2000049580A1 (en) * 1999-02-16 2000-08-24 Neopost, Inc. Postage metering system
US6771179B1 (en) 1999-03-12 2004-08-03 Francotyp-Postalia Ag & Co. Kg Security module with status signaling
US6625741B1 (en) 1999-03-12 2003-09-23 Francotyp-Postalia Ag & Co. Kg Arrangement for a security module
US6952777B1 (en) 1999-03-12 2005-10-04 Francotyp-Postalia Ag & Co. Method for protecting a security module and arrangement for the implementation of the method
US7194443B1 (en) 1999-03-12 2007-03-20 Francotyp-Postalia Ag & Co. Method for protecting a security module and arrangement for the implementation of the method
EP1035513A3 (en) * 1999-03-12 2000-12-20 Francotyp-Postalia Aktiengesellschaft & Co. Security module with status signalization
EP1035517A3 (en) * 1999-03-12 2000-12-20 Francotyp-Postalia Aktiengesellschaft & Co. Method for the protection of a security module and arrangement for implementing said method
EP1035518A3 (en) * 1999-03-12 2000-12-20 Francotyp-Postalia Aktiengesellschaft & Co. Method for the protection of a security module and arrangement for implementing said method
EP1035516A3 (en) * 1999-03-12 2000-12-20 Francotyp-Postalia AG & Co. Arrangement for a security module
US7194957B1 (en) 1999-11-10 2007-03-27 Neopost Inc. System and method of printing labels
US6766455B1 (en) 1999-12-09 2004-07-20 Pitney Bowes Inc. System and method for preventing differential power analysis attacks (DPA) on a cryptographic device
GB2363868A (en) * 2000-06-19 2002-01-09 Pitney Bowes Ltd Generation of authentication codes for a postage meter by use of a smart card
GB2363868B (en) * 2000-06-19 2004-12-01 Pitney Bowes Ltd Secure data storage on open systems
US7085725B1 (en) 2000-07-07 2006-08-01 Neopost Inc. Methods of distributing postage label sheets with security features
DE10056989A1 (en) * 2000-11-17 2002-05-23 Secware Technologies Ag Application-specific integrated circuit for encoding and decoding data streams has PCMCIA interface connectable to card storing key information
EP1386249A4 (en) * 2001-02-23 2008-12-31 Ascom Hasler Mailing Sys Inc Removable data carrier
EP1386249A2 (en) * 2001-02-23 2004-02-04 Ascom Hasler Mailing Systems, Inc. Removable data carrier
EP1271968A3 (en) * 2001-06-26 2005-05-25 Alcatel S.A. Distributed scalable storage fabric architecture using network interfacing for data input
EP1271968A2 (en) * 2001-06-26 2003-01-02 Alcatel S.A. Distributed scalable storage fabric architecture using network interfacing for data input
US7043631B2 (en) 2001-07-16 2006-05-09 Francotyp Postalia Ag & Co. Kg Arrangement and method for modifying the functionality of a security module
EP1278164A3 (en) * 2001-07-16 2004-01-14 Francotyp-Postalia AG & Co. System and method for changing the functionality of a security module
US7069253B2 (en) 2002-09-26 2006-06-27 Neopost Inc. Techniques for tracking mailpieces and accounting for postage payment
EP1570398A2 (en) * 2002-11-26 2005-09-07 Neopost Industrie Sa Metering funds debit and credit for multi use
EP1570398A4 (en) * 2002-11-26 2008-04-02 Neopost Ind Sa Metering funds debit and credit for multi use

Also Published As

Publication number Publication date Type
EP0958674A4 (en) 2004-07-07 application
DE69736246T2 (en) 2007-05-16 grant
EP0958674A2 (en) 1999-11-24 application
WO1998020461A3 (en) 1998-10-08 application
EP0958674B1 (en) 2006-06-28 grant
DE69736246D1 (en) 2006-08-10 grant
CA2271097A1 (en) 1998-05-14 application

Similar Documents

Publication Publication Date Title
US6510521B1 (en) Methods and apparatus for preventing unauthorized write access to a protected non-volatile storage
US5960084A (en) Secure method for enabling/disabling power to a computer system following two-piece user verification
US5982899A (en) Method for verifying the configuration of the computer system
US5001752A (en) Public/key date-time notary facility
US6334118B1 (en) Software rental system and method for renting software
US6151590A (en) Network open metering system
US7103771B2 (en) Connecting a virtual token to a physical token
US20020104004A1 (en) Method and apparatus for synchronizing real-time clocks of time stamping cryptographic modules
US6557104B2 (en) Method and apparatus for secure processing of cryptographic keys
US6044350A (en) Certificate meter with selectable indemnification provisions
US6292899B1 (en) Volatile key apparatus for safeguarding confidential data stored in a computer system memory
US5262939A (en) System for processing parcel shipping
US7055029B2 (en) Cryptographic system enabling ownership of a secure process
US6466921B1 (en) Virtual postage meter with secure digital signature device
US6996710B1 (en) Platform and method for issuing and certifying a hardware-protected attestation key
US20030144972A1 (en) System and method for controlling a postage metering system using data required for printing
US5835689A (en) Transaction evidencing system and method including post printing and batch processing
US5805712A (en) Apparatus and method for providing secured communications
US6345359B1 (en) In-line decryption for protecting embedded software
US20020194476A1 (en) Method and apparatus for uniquely and authoritatively identifying tangible objects
US4649510A (en) Methods and apparatus for the protection and control of computer programs
US6681214B1 (en) Secure system for printing authenticating digital signatures
US20050210287A1 (en) Secure mode controlled memory
US5793867A (en) System and method for disaster recovery in an open metering system
US20020042884A1 (en) Remote printing of secure and/or authenticated documents

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): CA JP US

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
ENP Entry into the national phase in:

Ref document number: 2271097

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 09297784

Country of ref document: US

WWE Wipo information: entry into national phase

Ref document number: 1997947255

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1997947255

Country of ref document: EP

WWG Wipo information: grant in national office

Ref document number: 1997947255

Country of ref document: EP

DPE2 Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101)