EP0811955A2 - Appareil sécurisé et procédé pour imprimer des valeurs avec une imprimante de valeur - Google Patents
Appareil sécurisé et procédé pour imprimer des valeurs avec une imprimante de valeur Download PDFInfo
- Publication number
- EP0811955A2 EP0811955A2 EP19970109204 EP97109204A EP0811955A2 EP 0811955 A2 EP0811955 A2 EP 0811955A2 EP 19970109204 EP19970109204 EP 19970109204 EP 97109204 A EP97109204 A EP 97109204A EP 0811955 A2 EP0811955 A2 EP 0811955A2
- Authority
- EP
- European Patent Office
- Prior art keywords
- key
- printing
- data
- value
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Images
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00185—Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
- G07B17/00314—Communication within apparatus, personal computer [PC] system, or server, e.g. between printhead and central unit in a franking machine
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00459—Details relating to mailpieces in a franking system
- G07B17/00508—Printing or attaching on mailpieces
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00185—Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
- G07B17/00314—Communication within apparatus, personal computer [PC] system, or server, e.g. between printhead and central unit in a franking machine
- G07B2017/00322—Communication between components/modules/parts, e.g. printer, printhead, keyboard, conveyor or central unit
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/0079—Time-dependency
- G07B2017/00806—Limited validity time
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00846—Key management
- G07B2017/00854—Key generation
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00846—Key management
- G07B2017/0087—Key distribution
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00919—Random number generator
Definitions
- This invention relates to an apparatus and method for securely printing indicia, e.g. text and variable graphics information.
- the invention is applicable to such an apparatus and method wherein security is provided through cryptography.
- U.S. Patents Nos. 4,802,218 and 4,864,618 issued January 31, 1989 and September 5, 1989, to Christopher B. Wright et al. describe an automated transaction system, such as a postage transaction system, in which a postage account is maintained with a microprocessor card which is used in transactions with postage printing and metering terminals.
- the patents particularly address security and provide for a secure handshake recognition procedure to be mutually executed between the card and the terminal so that they each recognize the other as authorized to execute a transaction.
- Fig. 1 of the Wright et al. patents illustrates a postage metering terminal wherein a microprocessor card 10 is inserted in a slot 11 of the automated transaction terminal 20.
- the card completes multiple contacts with the terminal and a trip switch indicating full insertion triggers a start signal.
- the start signal is sent to an operations microprocessor or terminal MPU 30.
- the terminal MPU 30 controls the interface with the card and the operation of the various parts of the terminal, including the printer 40 which is the value dispensing section of the terminal.
- a power source Vo is provided by a battery or the like to power the various parts of the terminal.
- the printer 40 contains a microprocessor unit (printer MPU) 41 which controls the operation of the printhead 42.
- the MPU 41 executes an internal program (FIRMWARE), as does the card microprocessor, so that it cannot be tampered with from the outside.
- the printer MPU's internal program includes unique encryption algorithms parallel to those stored in the card's microprocessor. These are installed by the manufacturer so that the printer MPU can execute a secure handshake recognition procedure with the card's microprocessor to authorize a requested transaction.
- the MPU 41 is formed integrally with the printhead 42, such as by embedding in epoxy or the like, so that it cannot be physically accessed without destroying the printhead. Thus the printhead 42 of the postage metering terminal 20 can only be operated through the MPU 41, and will print a postmark only when the handshake recognition procedure and a postmark print command have been executed between the card MPU and the printer MPU 41.
- the handshake operation of the Wright et al. patents operates as follows.
- the card MPU 60 initiates the handshake procedure upon receipt of the commence signal.
- the card MPU Upon verifying that the requested transaction is authorized, the card MPU encrypts an object number N, which may be a randomly generated number, with a key number k1 (which may be the printer's PIN) stored in the secret zone of its memory by a first encryption algorithm E1 and sends the resultant word W1 through the handshake channel 61 of terminal MPU 30 to the printer MPU 41.
- N which may be a randomly generated number
- k1 which may be the printer's PIN
- the printer MPU 41 Upon receipt of the word W1, the printer MPU 41 decodes the number using the same number k1 by the inverse algorithm E1'.
- the number k1 may be a secret key number stored in the printer MPU's memory at the time of validation, or in an open system, it may be the PIN entered by the user on the terminal, or a combination of both.
- the printer MPU 41 then encrypts the decoded number with the number k1 by a second encryption algorithm E2 to send a second word W2 back to the card MPU 60.
- the card MPU 60 Upon receipt of the word W2, the card MPU 60 decodes the number again using the key number k1 by the inverse of the second algorithm E2', and compares the decoded number with the number it used in the first transmission. If the numbers-match, the handshake procedure has been successfully completed, and the card and printer MPUs have recognized each other as a authorized to execute the requested transaction.
- the printhead in the Wright et al. patents does not include hardware for storing data during periods when the power is off.
- the printer 40 itself is not secure.
- An indicia printed with the printhead of the Wright et al. arrangement can be reprinted any number of times by reproducing the electrical signal used for the first legitimate print.
- the foregoing disadvantages of the postal mailing systems of the prior art may be overcome and the aforementioned objectives may be achieved in accordance with the invention by communication with a dot addressable or the like printhead secured by an encryption arrangement.
- the printhead includes a secure non-volatile static random access memory (NOVRAM) in addition to a secure application specific purpose microprocessor chip.
- NOVRAM non-volatile static random access memory
- NVM non-volatile memory
- ASIC application specific integrated circuit.
- a key is changed each print cycle and stored in the NOVRAM or NVM even during times when the power is off. This access key changes for each print cycle.
- an unauthorized user who learns the key used for the last print cycle is unable to print an image and cannot reprint an image by reproducing the electrical signals used to print the original image.
- a printer microprocessor unit and non-volatile static random access memory are mounted in secure fashion within the printhead.
- a number R is read from the non-volatile static random access memory (NOVRAM) in the printhead.
- NOVRAM non-volatile static random access memory
- the value of R is changed using a pseudo-random number generator and the new value is stored in the NOVRAM.
- the number R is encrypted using the public key of a public key encryption scheme to produce a number N.
- the encrypted number N is sent to the user.
- An authorized user has the private key for the encryption scheme and calculates R.
- the user takes the data that is to be printed and performs an exclusive-or operation with the binary expansion of the number R. After the exclusive-or operation the converted data is sent to the printer.
- the printhead takes the input converted data and again applies the exclusive-or operation to reproduce the original print data and this is printed.
- a significant improvement in security is provided by this use of a changing key stored in non-volatile printhead memory that allows the printhead to be accessed only by authorized users.
- meters include parcel service meters, tax stamp meters, check writing meters, ticket imprinters, and other similar devices.
- Fig. 1 shows in a simplified block diagram a form of mailing system which may be utilized with embodiments of the invention.
- the mailing system may comprise a postal meter 10 which is herein referred to as an electronic vault or as a vault.
- the vault is in communication with a host 12 in a conventional fashion. It will be understood that the vault may take many forms, including the form of a card such as described in the Wright et al. U.S. Patents Nos. 4,802,218 and 4,864,618, referenced hereinabove.
- the vault may also constitute a module of more substantial size coupled to the host, such as described, for example, in U.S. Patent No. 4,858,138, issued August 15, 1989, to Paul C. Talmadge and assigned to the assignee of the instant application.
- the vault includes a microprocessor (MPU) 14 which is coupled through a non-volatile memory (NVM) 16 through security logic 18.
- MPU microprocessor
- NVM non-volatile memory
- ROM read only memory
- the host 12 includes an operations microprocessor (MPU) 22 and the printhead housing 24.
- the operations microprocessor 22 provides intelligence to allow for communication back and forth to vault microprocessor 14 via interface 26 to initiate printing when the proper information is exchanged.
- a keyboard (not shown) in the host 12 may be provided to send information representing the postage amount to the operations microprocessor 22.
- the printhead housing 24 is manufactured as a secure housing, and includes an operation specific printer microprocessor 28, NOVRAM 30, and printing mechanism or printhead 32 for printing indicia on a mail piece or the like 34. In a preferred embodiment the printing mechanism, NOVRAM and microprocessor constitute an integral unit.
- a printhead number is stored in the printhead NOVRAM 30 to impart a unique character to the specific printhead. Also stored in the NOVRAM 30 is a printhead seed R which is used by the printhead cryptographic pseudo-random number generator to generate nonces.
- the NOVRAM 30 also has stored therein in encrypted form the printhead key Kph which is the key used by the printhead and vault to generate the session key.
- the printhead key Kph is stored in the NOVRAM encrypted with the printhead security key Ka.
- the graphics key Kg which is the key used by the manufacturer and printhead to secure graphics and other printhead data, is also stored in the NOVRAM encrypted with Ka.
- the printhead security key Ka is itself stored in the printhead ASIC.
- the printhead master key Kphm is stored securely in the vault. This key is used by the vault to calculate the printhead key from the printhead number.
- the vault security key Kv is stored in the vault ASIC. This key is used by the vault ASIC to encrypt secret information stored in NVM.
- Fig. 2 For convenience of reference the foregoing symbols are presented in tabular form in Fig. 2 showing the symbol name, description and source.
- the abbreviated form NVM is used for NOVRAM in the Fig. 2 table.
- Fig. 2 also identifies the session nonce Ns, vault nonce Nv, indicia nonce Ni and session key Ks.
- the session nonce Ns is generated by the printhead with the printhead seed R and the printhead key Kph to assure session freshness.
- the vault nonce Nv is a pseudo-random number generated in the vault to assure that the printhead is present at the beginning of a session.
- the indicia nonce Ni is a nonce generated with R and Kph by the printhead to ensure indicia freshness.
- the session key Ks is the key used by the printhead and vault to communicate during one session.
- the session key is generated from Ns and Kph.
- the printhead key is good for initializing sessions with the vault.
- the number R is read from the NOVRAM 30 and the value of R is changed using a pseudo-random number generator and the new value is stored in NOVRAM 30.
- the encrypted number N is sent to the user.
- An authorized user has the private key K_private for this encryption scheme.
- the user takes the data that is to be printed and performs an exclusive-or operation with the binary expansion of the number R.
- R may typically contain 1,000 bits and the print data may require multiple copies of R to convert all of the data. After the exclusive-or operation the converted data is sent to the printer.
- the printhead microprocessor applies a random number generator and stores a new value 10011101.
- the printhead takes the input converted data and again applies the exclusive-or operation to reproduce the original print data:
- FIG. 3 A typical initialization of the system for a printing operation is now described in conjunction with a series of flow diagrams commencing with the simplified flow diagram of Fig. 3.
- the printhead security key Ka is installed in the printhead ASIC at 36. This universal key secures data external to the printhead ASIC.
- the vault security key Kv is installed in the vault ASIC at 38. This universal key secures data external to the vault ASIC and requires an update to the ASIC.
- the printhead number Nph is installed in NVM in the printhead. Each printhead should have a unique number to initialize it. This is required in order that the software random number generators on different printheads produce different numbers.
- the encrypted printhead key ⁇ Kph ⁇ Ka is installed in NVM at 42.
- the printhead key is derived by the vault from the printhead number using the printhead master key.
- the printhead needs the printhead key encrypted with the printhead security key. This separation ensures that an attacker who opens and deciphers everything in one printhead will not possess sufficient information to use a second or other printheads.
- the encrypted graphic key ⁇ Kg ⁇ Ka is installed in NVM. This is a universal key that secures the graphics. It is not built in the ASIC in order to provide the option of changing the key in the future.
- the printhead master key Kphm is installed in the vault. This is a universal key used by the vault to communicate with printheads. The vault believes that the printhead master key is good for deriving the printhead key from the printhead number.
- graphics signing at the factory is illustrated in the flowchart of Fig. 4.
- graphics are assigned at the factory with the graphics key at 48.
- the vendor should be able to rely on the graphics key as a good key for authenticating graphics to the printhead and have reasonable assurance that the printhead is protected from producing counterfeit images by the graphics key.
- Two practical methods are available for signing graphics. In one method a message authentication code is generated by chaining DES encryptions. In an alternate method a CRC is generated with a secret polynomial and the polynomial is encrypted. Chaining DES encryptions is commonly used in financial applications to assure message integrity.
- a label can be attached to the graphics indicating the type of image and the label and graphics signed together.
- the indicia graphics are assigned at 50.
- the indicia graphics include information about the location of fields so that attackers cannot permute characters in the indicia.
- the slogan graphics are assigned at 52 and the font graphics assigned at 54.
- the font graphics label includes the ASCII character represented.
- the permit graphics are assigned at 56.
- the initialization of the printhead graphics is illustrated in Fig. 5.
- the printhead graphics are initialized with the graphics key at 58.
- the graphics key is decrypted with the printhead security key at 60 and the indicia graphics are loaded and verified at 62.
- the graphics are loaded into the printhead NOVRAM. They are cryptographically verified each time they are loaded and a bit is set that indicates acceptance of the signature of the graphics.
- the add slogan graphics are loaded at 64 and a bit set that indicates acceptance of the signature of those graphics.
- the font graphics are loaded and verified at 66 and a bit set that indicates acceptance of the signature of those graphics.
- the permit graphics are loaded and verified and a bit set that indicates acceptance of the graphics signature.
- the initialization of a session is illustrated in simplified flowchart form in Fig. 6.
- the printhead believes that the session key is authentic for communicating with the vault and believes that the vault "meter number" is also authentic.
- the vault believes that the session key is good for communicating with the printhead.
- the printhead key is decrypted with the printhead security key.
- the printhead outputs a number and session nonce at 72.
- the printhead calculates the session key from the printhead key and nonce at 74 and the vault generates the printhead key from Nph with the printhead master key at 76.
- the vault calculates the session key from the printhead key and nonce.
- the vault sends the meter number, session nonce (and vault nonce) encrypted with the session key.
- the vault nonce authenticates the printhead to the vault. This assures the vault that the data it is sending is in fact going to a printhead.
- the printhead verifies the session nonce, saves the meter number and outputs the vault nonce at 82.
- the vault verifies the vault nonce at 84.
- Fig. 7 shows in simplified flowchart form a request indicia print procedure.
- the printhead believes that the vault believes the "indicia number, piece count, postage.”
- the printhead outputs the indicia nonce.
- the printhead seed is updated after each nonce.
- the vault encrypts the piece count, postage, (date), indicia nonce with the session key at 88.
- the printhead decrypts the piece count, postage, and indicia nonce.
- the printing of a report procedure is illustrated in flowchart form in Fig. 8.
- the printhead believes that the vault believes the report and that the image represents the report.
- the verifier believes the vault articulated the report.
- the printhead sends the report nonce.
- the printhead and vault derive the session key at 94 and the vault encrypts the numerical data in the report at 96.
- the printhead verifies the font data in the report at 98 and indicates it needs a signed "format" for the report at 100.
- the protocol is set forth in tabular form in Fig. 9.
- the principles in the protocol are V-vault, P-printhead, and M-manufacturer.
- the notation for encryption is that ⁇ M ⁇ K is the message M encrypted with the key K.
- the notation for signing is that [M]K is the message M signed with the key K.
- the printhead key is encrypted in NVM in a way that the printhead does not know the map from the printhead number to the printhead key.
- the steps indicated and described in Fig. 9 are performed under the security of the manufacturing process.
- the protocol for the signing of the graphics is illustrated in tabular form in Fig. 10.
- the required messages from 7-11 in Fig. 10 are sent to the printhead, verified and installed.
- the channel need not be particularly secure.
- An ad slogan could be used, if desired.
- the images should be reasonably well scrambled, in a way that the customer cannot easily reverse the scrambling.
- step 12 the printhead generates a new nonce Ns for the session.
- the printhead calculates the session key Ks from the nonce by decrypting Kph from NVM and encrypting Ns.
- the vault calculates Ks by encrypting Nph with Kphm.
- the vault sends Nv encrypted to provide assurance that the printhead is present.
- the printhead verifies the encrypted Ns to verify that the vault is valid.
- the indicia serial number is sent at this point to avoid having to send it for each indicia.
- the printhead decrypts the message and verifies Ns.
- the vault verifies the printhead retrieved Nv to authenticate the printhead.
- the vault and printhead are now ready to print indicia and the session is now initialized.
- the printhead At step 15 for each indicia the printhead generates a nonce to assure that the indicia is fresh.
- the vault prepares a message with the indicia information and the indicia nonce, encrypts it, and sends it to the printhead.
- the printhead verifies the indicia nonce is encrypted, loads the data into the image, and prints the indicia.
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Devices For Checking Fares Or Tickets At Control Points (AREA)
- Accessory Devices And Overall Control Thereof (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US66002796A | 1996-06-06 | 1996-06-06 | |
US660027 | 1996-06-06 |
Publications (1)
Publication Number | Publication Date |
---|---|
EP0811955A2 true EP0811955A2 (fr) | 1997-12-10 |
Family
ID=24647823
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP19970109204 Withdrawn EP0811955A2 (fr) | 1996-06-06 | 1997-06-06 | Appareil sécurisé et procédé pour imprimer des valeurs avec une imprimante de valeur |
Country Status (2)
Country | Link |
---|---|
EP (1) | EP0811955A2 (fr) |
CA (1) | CA2206937A1 (fr) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1022684A2 (fr) * | 1998-12-24 | 2000-07-26 | Pitney Bowes Inc. | Procédé de limitation de l'utilisation de clés dans un système d'affranchissement produisant des timbres postaux protégée par cryptographie |
EP0939383A3 (fr) * | 1998-02-27 | 2000-11-02 | Pitney Bowes Inc. | Système de machine à affranchir avec procédé pour éviter les fraudes des données d'impression qui sont envoyées d'une machine à affranchir à une imprimante |
US6188997B1 (en) * | 1999-04-19 | 2001-02-13 | Pitney Bowes Inc. | Postage metering system having currency synchronization |
US6233565B1 (en) | 1998-02-13 | 2001-05-15 | Saranac Software, Inc. | Methods and apparatus for internet based financial transactions with evidence of payment |
WO2001084284A2 (fr) * | 2000-05-01 | 2001-11-08 | R.R. Donnelley & Sons Company | Procede et appareil permettant d'obtenir la copie imprimee d'un document via l'internet |
GB2378871A (en) * | 2001-07-13 | 2003-02-19 | Hewlett Packard Co | Printer regulation through public-key encryption and verification of a user |
EP1398741A2 (fr) * | 2002-09-10 | 2004-03-17 | Wincor Nixdorf International GmbH | Mémorisation sécurisée de données de journal |
FR2865830A1 (fr) * | 2004-01-30 | 2005-08-05 | Neopost Ind | Systeme d'affranchissement de courrier a mode d'impression externe securise |
EP1755272A3 (fr) * | 1999-03-30 | 2007-09-12 | Pitney Bowes, Inc. | Procédé à certifier des codes publics utilisés pour signer des marques d'affranchissement et marques d'affranchissement ainsi signées |
-
1997
- 1997-06-02 CA CA 2206937 patent/CA2206937A1/fr not_active Abandoned
- 1997-06-06 EP EP19970109204 patent/EP0811955A2/fr not_active Withdrawn
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6233565B1 (en) | 1998-02-13 | 2001-05-15 | Saranac Software, Inc. | Methods and apparatus for internet based financial transactions with evidence of payment |
EP0939383A3 (fr) * | 1998-02-27 | 2000-11-02 | Pitney Bowes Inc. | Système de machine à affranchir avec procédé pour éviter les fraudes des données d'impression qui sont envoyées d'une machine à affranchir à une imprimante |
US6938023B1 (en) | 1998-12-24 | 2005-08-30 | Pitney Bowes Inc. | Method of limiting key usage in a postage metering system that produces cryptographically secured indicium |
EP1022684A2 (fr) * | 1998-12-24 | 2000-07-26 | Pitney Bowes Inc. | Procédé de limitation de l'utilisation de clés dans un système d'affranchissement produisant des timbres postaux protégée par cryptographie |
EP1022684A3 (fr) * | 1998-12-24 | 2000-11-15 | Pitney Bowes Inc. | Procédé de limitation de l'utilisation de clés dans un système d'affranchissement produisant des timbres postaux protégée par cryptographie |
EP1755272A3 (fr) * | 1999-03-30 | 2007-09-12 | Pitney Bowes, Inc. | Procédé à certifier des codes publics utilisés pour signer des marques d'affranchissement et marques d'affranchissement ainsi signées |
US6188997B1 (en) * | 1999-04-19 | 2001-02-13 | Pitney Bowes Inc. | Postage metering system having currency synchronization |
WO2001084284A3 (fr) * | 2000-05-01 | 2003-01-16 | Donnelley & Sons Co | Procede et appareil permettant d'obtenir la copie imprimee d'un document via l'internet |
WO2001084284A2 (fr) * | 2000-05-01 | 2001-11-08 | R.R. Donnelley & Sons Company | Procede et appareil permettant d'obtenir la copie imprimee d'un document via l'internet |
GB2378871B (en) * | 2001-07-13 | 2004-11-10 | Hewlett Packard Co | Printer regulation through verification of a user |
GB2378871A (en) * | 2001-07-13 | 2003-02-19 | Hewlett Packard Co | Printer regulation through public-key encryption and verification of a user |
EP1398741A2 (fr) * | 2002-09-10 | 2004-03-17 | Wincor Nixdorf International GmbH | Mémorisation sécurisée de données de journal |
EP1398741A3 (fr) * | 2002-09-10 | 2004-07-28 | Wincor Nixdorf International GmbH | Mémorisation sécurisée de données de journal |
FR2865830A1 (fr) * | 2004-01-30 | 2005-08-05 | Neopost Ind | Systeme d'affranchissement de courrier a mode d'impression externe securise |
EP1569173A1 (fr) * | 2004-01-30 | 2005-08-31 | Neopost Industrie | Systeme d'affranchissement de courrier à mode d'impression externe sécurisé |
US7917453B2 (en) | 2004-01-30 | 2011-03-29 | Neopost Technologies | Mail franking system with a secure external printing mode |
Also Published As
Publication number | Publication date |
---|---|
CA2206937A1 (fr) | 1997-12-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US5142577A (en) | Method and apparatus for authenticating messages | |
CN1097902C (zh) | 邮资计费系统和邮资计费检验方法 | |
US5812664A (en) | Key distribution system | |
US5949879A (en) | Auditable security system for the generation of cryptographically protected digital data | |
US7916871B2 (en) | Technique for split knowledge backup and recovery of a cryptographic key | |
EP0678836B1 (fr) | Méthode et moyens pour combiner et diriger le chiffrage de la vérification des personnes et des messages d'authentification lors d'une transmission sur un réseau | |
US6724894B1 (en) | Cryptographic device having reduced vulnerability to side-channel attack and method of operating same | |
US5982506A (en) | Method and system for electronic document certification | |
US6064989A (en) | Synchronization of cryptographic keys between two modules of a distributed system | |
CN1148704C (zh) | 包括防止篡改从邮资计费仪发送到打印机的打印数据的邮资打印系统及其操作方法 | |
WO2001039429A1 (fr) | Valeurs de verification d'integrite fondees sur des matrices binaires pseudo-aleatoires | |
JPH09238132A (ja) | 携帯用端末通信システム及びその通信方法 | |
US6029137A (en) | Updating domains in a postage evidencing system | |
CA2677458C (fr) | Methode et systeme de protection des communications dans un compteur | |
EP0825562B1 (fr) | Procédé et appareil pour changer à distance les caractéristiques de sécurité d'une machine à affranchir | |
EP1770650A2 (fr) | Procédé de sécurisation d'enregistrements de données postales dans un dispostif d'affranchissement | |
EP0811955A2 (fr) | Appareil sécurisé et procédé pour imprimer des valeurs avec une imprimante de valeur | |
WO2002045320A2 (fr) | Procede d'utilisation dynamique de clefs de chiffrage dans une affranchisseuse | |
JPS60171583A (ja) | 情報処理装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
AK | Designated contracting states |
Kind code of ref document: A2 Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE |
|
RIN1 | Information on inventor provided before grant (corrected) |
Inventor name: STEINMETZ, JOHN H. Inventor name: PARKOS, MARIA P. Inventor name: NACLERIO, EDWARD J. Inventor name: D'ANDREA, THOMAS A. Inventor name: CORDERY, ROBERT A. |
|
RIN1 | Information on inventor provided before grant (corrected) |
Inventor name: STEINMETZ, JOHN H. Inventor name: PARKOS, MARIA P. Inventor name: NACLERIO, EDWARD J. Inventor name: D'ANDREA, THOMAS A. Inventor name: CORDERY, ROBERT A. |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN |
|
18W | Application withdrawn |
Withdrawal date: 19980630 |