WO1999048053A1 - System and method for management of postage meter licenses - Google Patents

System and method for management of postage meter licenses Download PDF

Info

Publication number
WO1999048053A1
WO1999048053A1 PCT/US1999/005892 US9905892W WO9948053A1 WO 1999048053 A1 WO1999048053 A1 WO 1999048053A1 US 9905892 W US9905892 W US 9905892W WO 9948053 A1 WO9948053 A1 WO 9948053A1
Authority
WO
WIPO (PCT)
Prior art keywords
security device
postal security
register
printer
license number
Prior art date
Application number
PCT/US1999/005892
Other languages
French (fr)
Inventor
Edward J. Naclerio
Original Assignee
Ascom Hasler Mailing Systems Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ascom Hasler Mailing Systems Inc. filed Critical Ascom Hasler Mailing Systems Inc.
Priority to US09/646,492 priority Critical patent/US6820065B1/en
Priority to JP2000537177A priority patent/JP2002507800A/en
Priority to EP99912649A priority patent/EP1064621B1/en
Priority to DE69932605T priority patent/DE69932605T2/en
Priority to CA002324099A priority patent/CA2324099A1/en
Publication of WO1999048053A1 publication Critical patent/WO1999048053A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00016Relations between apparatus, e.g. franking machine at customer or apparatus at post office, in a franking system
    • G07B17/0008Communication details outside or between apparatus
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00016Relations between apparatus, e.g. franking machine at customer or apparatus at post office, in a franking system
    • G07B17/0008Communication details outside or between apparatus
    • G07B2017/00145Communication details outside or between apparatus via the Internet
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00016Relations between apparatus, e.g. franking machine at customer or apparatus at post office, in a franking system
    • G07B17/0008Communication details outside or between apparatus
    • G07B2017/00153Communication details outside or between apparatus for sending information
    • G07B2017/00161Communication details outside or between apparatus for sending information from a central, non-user location, e.g. for updating rates or software, or for refilling funds
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00185Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
    • G07B17/00193Constructional details of apparatus in a franking system
    • G07B2017/00201Open franking system, i.e. the printer is not dedicated to franking only, e.g. PC (Personal Computer)
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00185Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
    • G07B17/00362Calculation or computing within apparatus, e.g. calculation of postage value
    • G07B2017/00427Special accounting procedures, e.g. storing special information
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • G07B2017/00741Cryptography or similar special procedures in a franking system using specific cryptographic algorithms or functions
    • G07B2017/00758Asymmetric, public-key algorithms, e.g. RSA, Elgamal
    • G07B2017/00766Digital signature, e.g. DSA, DSS, ECDSA, ESIGN
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • G07B2017/00927Certificates, e.g. X.509
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • G07B2017/00959Cryptographic modules, e.g. a PC encryption board
    • G07B2017/00967PSD [Postal Security Device] as defined by the USPS [US Postal Service]

Definitions

  • the invention relates generally to postage meters (franking machines), and relates particularly to systems in which postage meter licenses are managed in a way that is non-identical to the number of associated postal security devices.
  • the application claims priority from US application no. 60/078,488, filed March 18, 1998, which application is incorporated herein by reference to the extent permitted by the designated and elected States hereto.
  • the accounting means includes an ascending register indicative of postage that has been printed, and typically a piece counter indicative of the number of mail pieces that have been printed. In many countries including the United States, the accounting means also includes a descending register indicative of the amount of postage value available to be printed.
  • the printing means is used to print postage indicia on mail pieces, typically by a relief printing die with characteristic fluorescent ink. Such postage meters have worked exceeding well for decades and have proven to be reliable.
  • the postage meter saves the postal authority from much of the work of printing, stocking and selling postage stamps.
  • the postage meter user can simply print the new postal amount, while the stamp user must queue up at the post office to purchase stamps in the new denomination.
  • nonsecure printers such as laser printers, ink-jet printers, and thermal transfer printers.
  • Such printers are termed “nonsecure” because the printer itself is not in a secure housing and because the communications channel linking the printer to other apparatus is nonsecure.
  • nonsecure printers because the printer itself is not in a secure housing and because the communications channel linking the printer to other apparatus is nonsecure.
  • the proposed anti-fraud measure is to store information within the indicia which would permit detecting fraud.
  • the indicium would include not only human-readable text such as a date and a postage amount, but would also include machine- readable information, for example by means of a two-dimensional bar code.
  • the machine- readable information would be cryptographically signed, and would include within it some information intended to make fraud more difficult.
  • the information would typically include an identification of the postage meter license (granted by the meter manufacturer or by the postal authorities, depending on the country), an indication of the number of mail pieces franked, the postage amount, a postal security device identifier about which more will be said later, the date and time, and a zip code or post code of the mail piece addressee.
  • Yet another drawback is that it is commonplace for a mail piece to get smudged on the way to the post office or within the post office, prior to the authentication scanning by the post office. If the post office is unable to read the bar code, the post office has to decide whether to return the mail piece to the sender, or risk delivering a mail piece bearing a counterfeit indicium.
  • the typical apparatus for printing such "encrypted indicia" postage includes what is called a postal security device or PSD.
  • PSD has a secure housing, and within the secure housing are the accounting registers as well as a cryptographic engine.
  • the engine permits cryptographic authentication and signing for communication with an external device such as the computer of the meter manufacturer or of the post office.
  • the engine also permits creation of postal indicia which contain specified information and which are cryptographically signed.
  • the PSD may well be physically small as compared to traditional postage meters.
  • the PSD may be the size of a PCMCIA card or the size of a smart card.
  • the memory must be protected against unadvertent damage due to malfunction of the processor of the PSD, for example as set forth in US Pat. No. 5668973, Protection system for critical memory information owned by the same assignee as the assignee of the present application.
  • the PSD must handle power failure in a graceful fashion, for example as set forth in US Pat. No. 5712542, Postage meter with improved handling of power failure, also owned by the same assignee as the assignee of the present application.
  • the printer may preferably be that described in PCT publication no. 97-46389, Printing apparatus, also owned by the same assignee as the assignee of the present application. While it has been proposed that the PSD contain a real-time clock which is keeping time continuously, desirably this requirement may be avoided as described in PCT publication no. 98-08325, Printing postage with cryptographic clocking security, also owned by the same assignee as the assignee of the present application. PSDs can form part of a network with multiple printers as described in PCT publication no. 98-13790, Proof of postage digital franking, also owned by the same assignee as the assignee of the present application.
  • the PSD in proposed systems contains the ascending and (optional depending on country) descending registers, the piece counter, and a "meter license number".
  • the meter license number represents a legal license granted by the postal authority which permits operation of the PSD and the associated printing of postage indicia. It is assumed that the PSD also has a unique identifying number stored within the PSD, but this number is expected to be non- identical to the meter license number. For example, if a PSD were to require service, the PSD manufacturer may take one PSD out of service for a particular customer and place another PSD into service for that particular customer, and yet the meter license number (which pertains to the customer) may remain the same.
  • a system in which a single postal security device has a secure housing, and within the secure housing are two or more accounting register sets.
  • the two or more accounting register sets are associated with distinct meter licenses.
  • the single postal security device can store a single accounting register set, but is able to transfer the register set to a nonsecure store such as the hard drive of a personal computer, the register set having been cryptographically signed. Later the register set may be retrieved from the nonsecure store and cryptographically authenticated, and restored to its location within the secure housing. In this way, the postal security device may provide service under more than one distinct meter license.
  • a single meter license is associated with more than one postal security device, each with its own secure housing. Each register set is configured to permit being reset (refilled with postage) by means of a cryptographically secure exchange of data over a communications channel to external equipment such as a manufacturer's server or a server operated by the post office.
  • Fig. 1 shows in functional block diagram form a prior art PSD system
  • Fig. 2 shows in functional block diagram form a portion of a prior art PSD system
  • Fig. 3 shows in functional block diagram form a PSD system according to an embodiment of the invention
  • Fig. 4 shows in a data flow diagram the steps associated with obtaining an additional meter license with a PSD in accordance with an embodiment of the invention.
  • Fig. 5 shows in functional block diagram form a PSD according to another embodiment of the invention.
  • FIG. 1 there is shown in functional block diagram form a prior art PSD system.
  • a postal security device (PSD) 20 is connected with a user system 21, typically a person computer or workstation. Connected directly or through a local area network is a printer 22 on which postal indicia are printed.
  • the user system 21 is communicatively coupled with a manufacturer's system 24, which in turn is communicatively coupled with the postal authority 26.
  • the communicative links 23 and 25 are preferably TCP/IP links via the Internet, but may optionally be other links such as dialup modem access lines or dedicated data lines.
  • the PSD 20 contains postage value, embodied in the contents of the descending register (item 33 in Fig. 2).
  • the PSD 20 In response to a request from the user via the computer 21, the PSD 20 generates an "encrypted indicium", that is, a print image containing cryptographically signed information, to be printed by means of printer 22 onto an envelope or post card or postage label.
  • the image includes human-readable information as well as computer-readable information in bar code form. If the user wishes to "refill” or “reset” the postage meter, this is done by means of a cryptographically secure exchange between the PSD 20 and the manufacturer's system 24. Depending on the requirements of the postal authority, the resetting may also include an exchange with the postal authority's system 26.
  • the indicium typically includes, in cryptographically signed or encrypted form, the meter license number, a unique number identifying the PSD, the date and time, the contents of the accounting registers, and other information to make the indicium unique such as the post code or Zip code of the mail piece addressee. It will be appreciated that in some countries there is no descending register and the payment by the user is based instead on the changing value of the ascending register. The teachings of the invention may be applied equally well to systems in countries that use a descending register and in countries that do not use a descending register.
  • Fig. 2 shows in functional block diagram form a portion of a prior art PSD system.
  • the PSD 20 has a communications channel 30 which permits data exchanges with the user's computer
  • the PSD 20 contains a register set 31, which include a meter license number 32, an ascending register 33, a descending register 34, and a piece counter 35.
  • the PSD typically contains a cryptographic engine, a clock/calendar, a microprocessor, RAM, nonvolatile RAM, ROM, and a battery, all omitted for clarity in Fig. 2.
  • the PSD has a secure housing to make undetected tampering nearly impossible.
  • the PSD 20 communicates with a printer 22 for printing postage indicia.
  • Fig. 3 shows in functional block diagram form a PSD system according to an embodiment of the invention.
  • Contained within the PSD 40 are two or more register sets 51a, b, c. Each contains a meter license number 52a, b, c, an ascending register 53a, b, c, a descending register 54a, b, c, and a piece counter 55a, b, c.
  • the PSD 40 can print postage with respect to any one of the register sets, and can reset (refill) any one of the register sets.
  • a franking system comprising a printer 22, a postal security device 40 communicatively coupled with the printer 22, and a communications channel 41 coupled with the postal security device 40 to apparatus external to the printer 22 and external to the postal security device 40, the postal security device 40 comprising a secure housing, the postal security device 40 containing within the secure housing a first register set 51a comprising information indicative of a first license number 52a, a first ascending register 53a, and a first piece counter 55a, the postal security device 40 further containing within the secure housing a second register set 51b comprising information indicative of a second license number 52b, a second ascending register 53b, and a second piece counter 55b, each of the ascending registers 53a, b indicative of postage printed in connection with the respective license number 52a, b, each of the piece counters 55a, b indicative of a number of mail pieces franked in connection with the respective license number 52a, b; the postal security device 40 further comprising a franking means
  • a company may have several individuals who generate mail, in particular with PC-based word processing programs. These individuals may be located in different geographic locations. Often it is desired to enter mail at a particular post office as it may speed delivery of that mail to the recipient or recipients. Under the requirements and constraints of the traditional postage metering environment, a company might have to license multiple postage meters for multiple users and for multiple mail entry points. With the system according to the invention, however, a single PSD may be able to serve multiple users.
  • each meter license number has associated with it a particular town in which its mail is to be deposited. (This is important to give revenue credit to each town's post office in keeping with the mail deposited therein.)
  • a particular license is the digitally printed equivalent of the "town die" in a tradition postage meter which indicates the town in which mail is to be deposited.
  • the PSD according to the invention accommodating more than one license, can enable the user to generate franked mail for deposit in more than one town.
  • the postal service may require that the PSD generates a new public/private key pair for signing indicia for each new or additional meter license from the postal authority. In such a case, the private key must of course be securely stored within the PSD.
  • the public key is signed by a certificate authority and is stored in the host system along with the signed meter licenses.
  • Fig. 4 shows in a data flow diagram the steps associated with obtaining an additional meter license with a PSD in accordance with an embodiment of the invention.
  • the user requests the license on the user host system (21 in Fig. 1) in step 60.
  • the user host system 21 forwards the request to the postal security device 40 (in Fig. 4) which prepares a license request message in step 61.
  • the PSD 40 cryptographically signs the message in step 62 and sends the request back to the user host system 21 which forwards the request to the manufacturer system 24 (Fig. 1).
  • the anufacturer system 24 verifies the origin of the request by verifying the signature (block 63) from the PSD 40.
  • the request is then forwarded to the postal authority system 26 (Fig. 1) in step 64.
  • the communications links 23, 25 may be secured, but preferably no security assumption is made about the links 23, 25 and instead cryptographic measures (such as signatures) are employed.
  • the postal authority system 26 issues a meter license number and grants the requested license in step 65, typically adding its own digital signature to the license.
  • the manufacturer's system 24 (Fig. 1) verifies the validity of the license and adds its own digital signature (step 66) and passes the license along to the postage meter (i.e. the PSD 40 in Fig.
  • the PSD 40 establishes accounting registers to correspond to the license, and is able to generate postal indicia in connection with the license.
  • a franking system includes a PSD which contains within its secure housing a means responsive to a cryptographically authenticated authorization received on the communications channel for creating within the secure housing a second register set comprising information indicative of a second license number, a second ascending register, and a second piece counter, each of the ascending registers indicative of postage printed in connection with the respective license number, each of the piece counters indicative of a number of mail pieces franked in connection with the respective license number.
  • the PSD further comprises a franking means responsive to a user request for the printing of a postage indicium in a particular value in connection with a particular license number by incrementing the ascending register in the particular value, by incrementing the piece counter, and by creating a cryptographically authenticated indicium based in part on the license number and the particular value for printing on the printer.
  • Each register set is able to be reset by means of a cryptographically secure exchange over the communications channel, the cryptographically secure exchange including transmission of information indicative of the license number associated with the register set.
  • the method of adding a register set responds to a user request for a second register set.
  • a license request message is prepared and cryptographically signed (blocks 60, 61, 62), the signed license request message is communicated on the communications channel, a response is received on the communications channel and is cryptographically authenticated (block 67).
  • a second register set comprising information indicative of a second license number, a second ascending register, and a second piece counter is created within the PSD 40.
  • a particular register set 51a is cryptographically signed and/or encrypted, and is stored 72 on external nonsecure storage 71, such as the hard disk of the user computer 21 (Fig. 1), or other mass storage. If at a later time the user wishes to use that license, the user host system 21 can transmit the signed register set 51a from the storage
  • the PSD 44 typically also confirms the authenticity of the signatures previously supplied by the manufacturer and the postal authority before accepting the register set 51a for the printing of postage.
  • Another embodiment of the invention directs itself to the problem of a single business entity which may need to be able to print postage at multiple locations despite having no need for more than one meter license.
  • the same license number may be stored into the register set of each of the PSDs. This does not pose a risk of fraud, because according to the invention the PSD unique identifier is communicated in the postal indicia along with the license number. It is assumed, as mentioned earlier, that the post office scans and authenticates every indicium anyway.
  • This embodiment of the invention is convenient in several ways. Users may wish to use this feature to employ more than one PSD to generate indicia for deposit at the same post office. Thus if one PSD is unavailable or low on funds, a second device can be selected to generate indicia.

Abstract

A system is provided in which a single postal security device (20, 40, 44) has a secure housing, and within the secure housing are two or more accounting register sets (31, 51a, 51b, 51c). Importantly, the two or more accounting register sets (31, 51a, 51b, 51c) are associated with distinct meter licenses (32, 52a, 52b, 52c). Alternatively, the single postal security device (20, 40, 44) can store a single accounting register set (31, 51a, 51b, 51c), but is able to transfer the register set (31, 51a, 51b, 51c) to a nonsecure store (71) such as the hard drive of a personal computer, the register set having been cryptographically signed (72). Later the register set (72) may be retrieved from the nonsecure store (71) and cryptographically authenticated, and restored to its location within the secure housing of postal security device (20, 40, 44). In this way, the postal security (20, 40, 44) may provide service under more than one distinct meter license (32, 52a, 52b, 52c). In a related embodiment, a single meter license (32, 52a, 52b, 52c) is associated with more than one postal security device (20, 40, 44), each with its own secure housing. Each register set (31, 51a, 51b, 51c) is configured to permit being reset (refilled with postage) by means of a cryptographically secure exchange of data over a communications channel (23, 25, 30, 41, 45) to external equipment such as a manufacturer's server (24) or a server (26) operated by the post office.

Description

System and method for management of postage meter licenses
The invention relates generally to postage meters (franking machines), and relates particularly to systems in which postage meter licenses are managed in a way that is non-identical to the number of associated postal security devices. The application claims priority from US application no. 60/078,488, filed March 18, 1998, which application is incorporated herein by reference to the extent permitted by the designated and elected States hereto.
Background
It has been well known for many decades to use a postage meter which has within a secure housing an accounting means and a printing means. The accounting means includes an ascending register indicative of postage that has been printed, and typically a piece counter indicative of the number of mail pieces that have been printed. In many countries including the United States, the accounting means also includes a descending register indicative of the amount of postage value available to be printed. The printing means is used to print postage indicia on mail pieces, typically by a relief printing die with characteristic fluorescent ink. Such postage meters have worked exceeding well for decades and have proven to be reliable.
While it is technically possible to print postal indicia for which no money has been paid to the post office, such fraud is relatively infrequent because it would be readily detectable through physical inspection of the meter for tampering.
The postage meter saves the postal authority from much of the work of printing, stocking and selling postage stamps. When postal rates change, the postage meter user can simply print the new postal amount, while the stamp user must queue up at the post office to purchase stamps in the new denomination.
In recent years it has been proposed to print postal indicia by means of conventional nonsecure printers such as laser printers, ink-jet printers, and thermal transfer printers. Such printers are termed "nonsecure" because the printer itself is not in a secure housing and because the communications channel linking the printer to other apparatus is nonsecure. Under such a proposal, the question naturally arises what would prevent a user from printing the same postal indicium repeatedly, thereby printing postal indicia for which no money has been paid to the post office. The proposed anti-fraud measure is to store information within the indicia which would permit detecting fraud. The indicium would include not only human-readable text such as a date and a postage amount, but would also include machine- readable information, for example by means of a two-dimensional bar code. The machine- readable information would be cryptographically signed, and would include within it some information intended to make fraud more difficult. The information would typically include an identification of the postage meter license (granted by the meter manufacturer or by the postal authorities, depending on the country), an indication of the number of mail pieces franked, the postage amount, a postal security device identifier about which more will be said later, the date and time, and a zip code or post code of the mail piece addressee.
There are, of course, many potential drawbacks to such an approach for printing of postal indicia. A user who intends to defraud the postal service might use a bar-code reader to read the contents of the indicium. (This capability illustrates the pointlessness of trying to give physical security to the printing means or of the communications channel by which the printing means is controlled.) The contents of the bar code could be used to print identical or nearly identical indicia, perhaps at a geographic distance. It would then fall to the postal service to perform an analysis on all or nearly all of the indicia scanned on a particular day, to try to identify duplicates.
Yet another drawback is that it is commonplace for a mail piece to get smudged on the way to the post office or within the post office, prior to the authentication scanning by the post office. If the post office is unable to read the bar code, the post office has to decide whether to return the mail piece to the sender, or risk delivering a mail piece bearing a counterfeit indicium.
The typical apparatus for printing such "encrypted indicia" postage includes what is called a postal security device or PSD. The PSD has a secure housing, and within the secure housing are the accounting registers as well as a cryptographic engine. The engine permits cryptographic authentication and signing for communication with an external device such as the computer of the meter manufacturer or of the post office. The engine also permits creation of postal indicia which contain specified information and which are cryptographically signed. The PSD may well be physically small as compared to traditional postage meters. The PSD may be the size of a PCMCIA card or the size of a smart card.
Within the PSD the memory must be protected against unadvertent damage due to malfunction of the processor of the PSD, for example as set forth in US Pat. No. 5668973, Protection system for critical memory information owned by the same assignee as the assignee of the present application. The PSD must handle power failure in a graceful fashion, for example as set forth in US Pat. No. 5712542, Postage meter with improved handling of power failure, also owned by the same assignee as the assignee of the present application.
To reduce smudging, the printer may preferably be that described in PCT publication no. 97-46389, Printing apparatus, also owned by the same assignee as the assignee of the present application. While it has been proposed that the PSD contain a real-time clock which is keeping time continuously, desirably this requirement may be avoided as described in PCT publication no. 98-08325, Printing postage with cryptographic clocking security, also owned by the same assignee as the assignee of the present application. PSDs can form part of a network with multiple printers as described in PCT publication no. 98-13790, Proof of postage digital franking, also owned by the same assignee as the assignee of the present application.
The PSD in proposed systems contains the ascending and (optional depending on country) descending registers, the piece counter, and a "meter license number". The meter license number represents a legal license granted by the postal authority which permits operation of the PSD and the associated printing of postage indicia. It is assumed that the PSD also has a unique identifying number stored within the PSD, but this number is expected to be non- identical to the meter license number. For example, if a PSD were to require service, the PSD manufacturer may take one PSD out of service for a particular customer and place another PSD into service for that particular customer, and yet the meter license number (which pertains to the customer) may remain the same.
It would be advantageous to have a system with great flexibility to accommodate a number of users, or to accommodate the use of several PSDs per user, yet the proposed PSD arrangements are inflexible.
Summary of the Invention
A system is provided in which a single postal security device has a secure housing, and within the secure housing are two or more accounting register sets. Importantly, the two or more accounting register sets are associated with distinct meter licenses. Alternatively, the single postal security device can store a single accounting register set, but is able to transfer the register set to a nonsecure store such as the hard drive of a personal computer, the register set having been cryptographically signed. Later the register set may be retrieved from the nonsecure store and cryptographically authenticated, and restored to its location within the secure housing. In this way, the postal security device may provide service under more than one distinct meter license. In a related embodiment, a single meter license is associated with more than one postal security device, each with its own secure housing. Each register set is configured to permit being reset (refilled with postage) by means of a cryptographically secure exchange of data over a communications channel to external equipment such as a manufacturer's server or a server operated by the post office.
Description of the drawing
The invention will be described in detail with respect to a drawing in several figures, of which:
Fig. 1 shows in functional block diagram form a prior art PSD system;
Fig. 2 shows in functional block diagram form a portion of a prior art PSD system; Fig. 3 shows in functional block diagram form a PSD system according to an embodiment of the invention;
Fig. 4 shows in a data flow diagram the steps associated with obtaining an additional meter license with a PSD in accordance with an embodiment of the invention; and
Fig. 5 shows in functional block diagram form a PSD according to another embodiment of the invention.
Detailed description
Turning now to Fig. 1, there is shown in functional block diagram form a prior art PSD system. A postal security device (PSD) 20 is connected with a user system 21, typically a person computer or workstation. Connected directly or through a local area network is a printer 22 on which postal indicia are printed. The user system 21 is communicatively coupled with a manufacturer's system 24, which in turn is communicatively coupled with the postal authority 26. The communicative links 23 and 25 are preferably TCP/IP links via the Internet, but may optionally be other links such as dialup modem access lines or dedicated data lines.
The PSD 20 contains postage value, embodied in the contents of the descending register (item 33 in Fig. 2). In response to a request from the user via the computer 21, the PSD 20 generates an "encrypted indicium", that is, a print image containing cryptographically signed information, to be printed by means of printer 22 onto an envelope or post card or postage label. The image includes human-readable information as well as computer-readable information in bar code form. If the user wishes to "refill" or "reset" the postage meter, this is done by means of a cryptographically secure exchange between the PSD 20 and the manufacturer's system 24. Depending on the requirements of the postal authority, the resetting may also include an exchange with the postal authority's system 26. When the postal indicium is generated, the descending register is decremented accordingly, the ascending register is decremented accordingly, and the piece count is incremented. The indicium typically includes, in cryptographically signed or encrypted form, the meter license number, a unique number identifying the PSD, the date and time, the contents of the accounting registers, and other information to make the indicium unique such as the post code or Zip code of the mail piece addressee. It will be appreciated that in some countries there is no descending register and the payment by the user is based instead on the changing value of the ascending register. The teachings of the invention may be applied equally well to systems in countries that use a descending register and in countries that do not use a descending register.
Fig. 2 shows in functional block diagram form a portion of a prior art PSD system. The PSD 20 has a communications channel 30 which permits data exchanges with the user's computer
(item 21 in Fig. 1) and with the manufacturer's system 24. The PSD 20 contains a register set 31, which include a meter license number 32, an ascending register 33, a descending register 34, and a piece counter 35. The PSD typically contains a cryptographic engine, a clock/calendar, a microprocessor, RAM, nonvolatile RAM, ROM, and a battery, all omitted for clarity in Fig. 2. The PSD has a secure housing to make undetected tampering nearly impossible. The PSD 20 communicates with a printer 22 for printing postage indicia.
Fig. 3 shows in functional block diagram form a PSD system according to an embodiment of the invention. Contained within the PSD 40 are two or more register sets 51a, b, c. Each contains a meter license number 52a, b, c, an ascending register 53a, b, c, a descending register 54a, b, c, and a piece counter 55a, b, c. In response to user selections, the PSD 40 can print postage with respect to any one of the register sets, and can reset (refill) any one of the register sets.
Described differently, what is shown is a franking system comprising a printer 22, a postal security device 40 communicatively coupled with the printer 22, and a communications channel 41 coupled with the postal security device 40 to apparatus external to the printer 22 and external to the postal security device 40, the postal security device 40 comprising a secure housing, the postal security device 40 containing within the secure housing a first register set 51a comprising information indicative of a first license number 52a, a first ascending register 53a, and a first piece counter 55a, the postal security device 40 further containing within the secure housing a second register set 51b comprising information indicative of a second license number 52b, a second ascending register 53b, and a second piece counter 55b, each of the ascending registers 53a, b indicative of postage printed in connection with the respective license number 52a, b, each of the piece counters 55a, b indicative of a number of mail pieces franked in connection with the respective license number 52a, b; the postal security device 40 further comprising a franking means responsive to a user request for the printing of a postage indicium in a particular value in connection with a particular license number 52a, b by incrementing the ascending register 53a, b in the particular value, by incrementing the piece counter 55a, b, and by creating a cryptographically authenticated indicium based in part on the license number 52a, b and the particular value for printing on the printer 22; each register set 51a, b disposed to be reset by means of a cryptographically secure exchange over the communications channel 41, the cryptographically secure exchange including transmission of information indicative of the license number 52a, b associated with the each register set 51a, b.
A company may have several individuals who generate mail, in particular with PC-based word processing programs. These individuals may be located in different geographic locations. Often it is desired to enter mail at a particular post office as it may speed delivery of that mail to the recipient or recipients. Under the requirements and constraints of the traditional postage metering environment, a company might have to license multiple postage meters for multiple users and for multiple mail entry points. With the system according to the invention, however, a single PSD may be able to serve multiple users.
It is assumed that each meter license number has associated with it a particular town in which its mail is to be deposited. (This is important to give revenue credit to each town's post office in keeping with the mail deposited therein.) Thus, implied by a particular license is the digitally printed equivalent of the "town die" in a tradition postage meter which indicates the town in which mail is to be deposited. The PSD according to the invention, accommodating more than one license, can enable the user to generate franked mail for deposit in more than one town. The postal service may require that the PSD generates a new public/private key pair for signing indicia for each new or additional meter license from the postal authority. In such a case, the private key must of course be securely stored within the PSD. The public key is signed by a certificate authority and is stored in the host system along with the signed meter licenses.
Fig. 4 shows in a data flow diagram the steps associated with obtaining an additional meter license with a PSD in accordance with an embodiment of the invention. The user requests the license on the user host system (21 in Fig. 1) in step 60. The user host system 21 forwards the request to the postal security device 40 (in Fig. 4) which prepares a license request message in step 61. The PSD 40 cryptographically signs the message in step 62 and sends the request back to the user host system 21 which forwards the request to the manufacturer system 24 (Fig. 1). The anufacturer system 24 verifies the origin of the request by verifying the signature (block 63) from the PSD 40. The request is then forwarded to the postal authority system 26 (Fig. 1) in step 64. It should be noted that the communications links 23, 25 may be secured, but preferably no security assumption is made about the links 23, 25 and instead cryptographic measures (such as signatures) are employed. After evaluation of the request, the postal authority system 26 issues a meter license number and grants the requested license in step 65, typically adding its own digital signature to the license. The manufacturer's system 24 (Fig. 1) verifies the validity of the license and adds its own digital signature (step 66) and passes the license along to the postage meter (i.e. the PSD 40 in Fig.
3). The PSD 40 establishes accounting registers to correspond to the license, and is able to generate postal indicia in connection with the license.
Described in a different way, a franking system includes a PSD which contains within its secure housing a means responsive to a cryptographically authenticated authorization received on the communications channel for creating within the secure housing a second register set comprising information indicative of a second license number, a second ascending register, and a second piece counter, each of the ascending registers indicative of postage printed in connection with the respective license number, each of the piece counters indicative of a number of mail pieces franked in connection with the respective license number. The PSD further comprises a franking means responsive to a user request for the printing of a postage indicium in a particular value in connection with a particular license number by incrementing the ascending register in the particular value, by incrementing the piece counter, and by creating a cryptographically authenticated indicium based in part on the license number and the particular value for printing on the printer. Each register set is able to be reset by means of a cryptographically secure exchange over the communications channel, the cryptographically secure exchange including transmission of information indicative of the license number associated with the register set.
The method of adding a register set responds to a user request for a second register set. A license request message is prepared and cryptographically signed (blocks 60, 61, 62), the signed license request message is communicated on the communications channel, a response is received on the communications channel and is cryptographically authenticated (block 67). A second register set comprising information indicative of a second license number, a second ascending register, and a second piece counter is created within the PSD 40.
It may happen that the PSD 44 (Fig. 5) lacks sufficient free memory to accommodate the desired number of register sets. For that reason, or for some other reason, the invention contemplates a different approach. A particular register set 51a is cryptographically signed and/or encrypted, and is stored 72 on external nonsecure storage 71, such as the hard disk of the user computer 21 (Fig. 1), or other mass storage. If at a later time the user wishes to use that license, the user host system 21 can transmit the signed register set 51a from the storage
71 back to the PSD 44. The PSD 44 typically also confirms the authenticity of the signatures previously supplied by the manufacturer and the postal authority before accepting the register set 51a for the printing of postage.
Stated differently, there is contained within the secure housing a means responsive to a first user request for cryptographically signing the register set 51a and copying the cryptographically signed register set 51a via the communications channel 45 to external apparatus 71. Later the register set 72 is retrieved from the external apparatus 71 and is cryptographically authenticated. The register set 51a thus retrieved is available for printing of postage on the printer 22, and for resetting via the communications channel 45.
Another embodiment of the invention directs itself to the problem of a single business entity which may need to be able to print postage at multiple locations despite having no need for more than one meter license. In such a system, there is more than one PSD 20, 40, 44 each with its own PSD unique identifier. But, according to the invention, the same license number may be stored into the register set of each of the PSDs. This does not pose a risk of fraud, because according to the invention the PSD unique identifier is communicated in the postal indicia along with the license number. It is assumed, as mentioned earlier, that the post office scans and authenticates every indicium anyway. Thus it is merely a data processing task to check the indicia printed to see that they add up properly to match the funds paid in connection with the license, or to see that they correspond as expected with the particular PSDs involved. If experience shows the scanning and authenticating of every postal indicium to be an unworkable task, then this is a reason to reconsider the use of encrypted indicia but does not contraindicate the use of the method according to the invention.
This embodiment of the invention is convenient in several ways. Users may wish to use this feature to employ more than one PSD to generate indicia for deposit at the same post office. Thus if one PSD is unavailable or low on funds, a second device can be selected to generate indicia.
Those skilled in the art will have no difficulty devising obvious enhancements and variations on the invention, all of which are to be encompassed by the claims which follow.
10

Claims

Claims
1. A franking system comprising a printer, a postal security device communicatively coupled with the printer, and a communications channel coupled with the postal security device to apparatus external to the printer and external to the postal security device, the postal security device comprising a secure housing, the postal security device containing within the secure housing a first register set comprising information indicative of a first license number, a first ascending register, and a first piece counter, the postal security device further containing within the secure housing a second register set comprising information indicative of a second license number, a second ascending register, and a second piece counter, each of the ascending registers indicative of postage printed in connection with the respective license number, each of the piece counters indicative of a number of mail pieces franked in connection with the respective license number; the postal security device further comprising a franking means responsive to a user request for the printing of a postage indicium in a particular value in connection with a particular license number by incrementing the ascending register in the particular value, by incrementing the piece counter, and by creating a cryptographically authenticated indicium based in part on the license number and the particular value for printing on the printer; each register set disposed to be reset by means of a cryptographically secure exchange over the communications channel, the cryptographically secure exchange including transmission of information indicative of the license number associated with the each register set.
2. A franking system comprising a printer, a postal security device communicatively coupled with the printer, and a communications channel coupled with the postal security device to apparatus external to the printer and external to the postal security device, the postal security device comprising a secure housing, the postal security device containing within the secure housing a first register set comprising information indicative of a first license number, a first ascending register, and a first piece counter, the postal security device further containing within the secure housing a means responsive to a cryptographically authenticated authorization received on the communications channel for creating within the secure housing
11 a second register set comprising information indicative of a second license number, a second ascending register, and a second piece counter, each of the ascending registers indicative of postage printed in connection with the respective license number, each of the piece counters indicative of a number of mail pieces franked in connection with the respective license number; the postal security device further comprising a franking means responsive to a user request for the printing of a postage indicium in a particular value in connection with a particular license number by incrementing the ascending register in the particular value, by incrementing the piece counter, and by creating a cryptographically authenticated indicium based in part on the license number and the particular value for printing on the printer; each register set disposed to be reset by means of a cryptographically secure exchange over the communications channel, the cryptographically secure exchange including transmission of information indicative of the license number associated with the each register set.
3. A method for use with a franking system comprising a printer, a postal security device communicatively coupled with the printer, and a communications channel coupled with the postal security device to apparatus external to the printer and external to the postal security device, the postal security device comprising a secure housing, the postal security device containing within the secure housing a first register set comprising information indicative of a first license number, a first ascending register, and a first piece counter, the ascending register indicative of postage printed in connection with the respective license number, the piece counter indicative of a number of mail pieces franked in connection with the respective license number; the postal security device further comprising a franking means responsive to a user request for the printing of a postage indicium in a particular value in connection with a particular license number by incrementing the ascending register in the particular value, by incrementing the piece counter, and by creating a cryptographically authenticated indicium based in part on the license number and the particular value for printing on the printer, the method comprising the steps of:
in response to a user request for a second register set, preparing a license request message, cryptographically signing the license request message, communicating the signed license request message on the communications channel, receiving a response on the
12 communications channel, cryptographically authenticating the response, and creating within the secure housing a second register set comprising information indicative of a second license number, a second ascending register, and a second piece counter.
4. A franking system comprising a printer, a postal security device communicatively coupled with the printer, and a communications channel coupled with the postal security device to apparatus external to the printer and external to the postal security device, the postal security device comprising a secure housing, the postal security device containing within the secure housing a storage area capable of storing a register set comprising information indicative of a license number, an ascending register, and a piece counter, the postal security device further containing within the secure housing a means responsive to a first user request for cryptographically signing the register set and copying the cryptographically signed register set via the communications channel to external apparatus; the postal security device further containing within the secure housing a means responsive to a second user request for retrieving from external apparatus the register set and for cryptographically authenticating the register set, and for storing the register sent within the storage area; the ascending register indicative of postage printed in connection with the respective license number, the piece counter indicative of a number of mail pieces franked in connection with the respective license number; the postal security device further comprising a franking means responsive to a user request for the printing of a postage indicium in a particular value in connection with a particular license number by incrementing the ascending register in the particular value, by incrementing the piece counter, and by creating a cryptographically authenticated indicium based in part on the license number and the particular value for printing on the printer; the register set disposed to be reset by means of a cryptographically secure exchange over the communications channel, the cryptographically secure exchange including transmission of information indicative of the license number associated with the register set.
5. A method for use with a franking system, the system comprising a printer, a postal security device communicatively coupled with the printer, and a communications channel coupled with the postal security device to apparatus external to the printer and external to the postal security device, the postal security device comprising a secure housing, the postal security
13 device containing within the secure housing a storage area capable of storing a register set comprising information indicative of a license number, an ascending register, and a piece counter, the postal security device further containing within the secure housing a means responsive to a user request for cryptographically signing the register set and copying the cryptographically signed register set via the communications channel to external apparatus; the postal security device further containing within the secure housing a means responsive for retrieving from external apparatus the register set and for cryptographically authenticating the register set, and for storing the register sent within the storage area; the ascending register indicative of postage printed in connection with the respective license number, the piece counter indicative of a number of mail pieces franked in connection with the respective license number; the postal security device further comprising a franking means responsive to a user request for the printing of a postage indicium in a particular value in connection with a particular license number by incrementing the ascending register in the particular value, by incrementing the piece counter, and by creating a cryptographically authenticated indicium based in part on the license number and the particular value for printing on the printer; the method comprising the steps of responding to a first user request for cryptographically signing the register set and copying the cryptographically signed register set via the communications channel to external apparatus; responding to a second user request by retrieving from external apparatus the register set and cryptographically authenticating the register set, and storing the register sent within the storage area.
6. A franking system comprising a first printer and a second printer, a first postal security device having a first identifier, said first postal security device communicatively coupled with the first printer, and a first communications channel coupled with the first postal security device to apparatus external to the first printer and external to the first postal security device, the first postal security device comprising a first secure housing, the first postal security device containing within the first secure housing a first register set comprising information indicative of a first license number, a first ascending register, and a first piece counter; the system further comprising a second postal security device having a second identifier, said second postal security device communicatively coupled with the second printer, and a second communications channel coupled with the second postal security device to apparatus external
14 to the second printer and external to the second postal security device, said second postal security device comprising a second secure housing, the second postal security device containing within the second secure housing a second register set comprising information indicative of the first license number, a second ascending register, and a second piece counter; each of the ascending registers indicative of postage printed in connection with the respective postal security device, each of the piece counters indicative of a number of mail pieces franked in connection with the respective postal security device; each postal security device further comprising a franking means responsive to a user request for the printing of a postage indicium in a particular value by incrementing the ascending register in the particular value, by incrementing the piece counter, and by creating a cryptographically authenticated indicium based in part on the respective postal security device identifier and the particular value for printing on the printer; each register set disposed to be reset by means of a cryptographically secure exchange over the communications channel, the cryptographically secure exchange including transmission of information indicative of the license number associated with the each register set.
7. The franking system of claim 6 wherein the first and second printers comprise a single printer.
15
PCT/US1999/005892 1998-03-18 1999-03-18 System and method for management of postage meter licenses WO1999048053A1 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
US09/646,492 US6820065B1 (en) 1998-03-18 1999-03-18 System and method for management of postage meter licenses
JP2000537177A JP2002507800A (en) 1998-03-18 1999-03-18 Apparatus and method for postage meter authentication management
EP99912649A EP1064621B1 (en) 1998-03-18 1999-03-18 System and method for management of postage meter licenses
DE69932605T DE69932605T2 (en) 1998-03-18 1999-03-18 SYSTEM AND METHOD FOR MANAGING FRANKING MACHINERY LICENSES
CA002324099A CA2324099A1 (en) 1998-03-18 1999-03-18 System and method for management of postage meter licenses

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US7848898P 1998-03-18 1998-03-18
US60/078,488 1998-03-18

Publications (1)

Publication Number Publication Date
WO1999048053A1 true WO1999048053A1 (en) 1999-09-23

Family

ID=22144340

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1999/005892 WO1999048053A1 (en) 1998-03-18 1999-03-18 System and method for management of postage meter licenses

Country Status (6)

Country Link
EP (1) EP1064621B1 (en)
JP (1) JP2002507800A (en)
AT (1) ATE335258T1 (en)
CA (1) CA2324099A1 (en)
DE (1) DE69932605T2 (en)
WO (1) WO1999048053A1 (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0926632A3 (en) * 1997-12-18 2000-10-11 Pitney Bowes Inc. Multiple registered postage meters
WO2001082233A1 (en) 2000-04-27 2001-11-01 Deutsche Post Ag Method for providing postal items with postal prepayment impressions
WO2001084505A1 (en) * 2000-04-27 2001-11-08 Deutsche Post Ag Method for providing franking notes on postal items
EP1247256A1 (en) * 1999-12-16 2002-10-09 Neopost Inc. Method and apparatus for performing secure processing of postal data
EP1277176A1 (en) * 2000-04-07 2003-01-22 Ascom Hasler Mailing Systems, Inc. Dynamic reassignment of postal metering device licensing location
US6839691B2 (en) * 2000-05-05 2005-01-04 Pitney Bowes Inc. Method for acquiring a customer for online postage metering
EP1577840A2 (en) * 2004-03-19 2005-09-21 Francotyp-Postalia AG & Co. KG Method for server controlled security management of yieldable services and arrangement for providing data according to a security management for a franking system
WO2006018097A1 (en) * 2004-08-13 2006-02-23 Deutsche Post Ag Method and device for franking postal deliveries
EP2075765A1 (en) * 2007-12-28 2009-07-01 Pitney Bowes Inc. Mailing machine having dynamically configurable postal security device to support multiple customers and carriers
US7689518B2 (en) * 2000-05-05 2010-03-30 Pitney Bowes Inc. System and method for instant online postage metering
EP2196959A1 (en) * 2008-12-10 2010-06-16 Pitney Bowes Inc. Method and system for securely transferring the personality of a postal meter at a non-secure location
EP2003619A3 (en) * 2007-02-28 2011-03-16 Francotyp-Postalia GmbH Method and device for securing user-defined information of a franking machine
EP3035297A1 (en) * 2014-12-16 2016-06-22 Pitney Bowes Inc. Method and system for supporting multiple postage printing devices using multiple customer accounts without having to maintain funds in each customer account

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4802218A (en) * 1986-11-26 1989-01-31 Wright Technologies, L.P. Automated transaction system
US4812994A (en) * 1985-08-06 1989-03-14 Pitney Bowes Inc. Postage meter locking system
US4914606A (en) * 1987-04-01 1990-04-03 Societe Anonyme Dite : Smh Alcatel Electronic franking machine including a large number of auxiliary meters
US4980542A (en) * 1988-02-08 1990-12-25 Pitney Bowes Inc. Postal charge accounting system
US5124926A (en) * 1990-03-02 1992-06-23 Pitney Bowes Inc. Carrier management system having accounting registers
US5668973A (en) 1995-04-14 1997-09-16 Ascom Hasler Mailing Systems Ag Protection system for critical memory information
US5712542A (en) 1995-05-25 1998-01-27 Ascom Hasler Mailing Systems Ag Postage meter with improved handling of power failure
WO1998013790A1 (en) * 1996-09-24 1998-04-02 Ascom Hasler Mailing Systems Inc. Proof of postage digital franking

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5684949A (en) * 1995-10-13 1997-11-04 Pitney Bowes Inc. Method and system for securing operation of a printing module
US5923762A (en) * 1995-12-27 1999-07-13 Pitney Bowes Inc. Method and apparatus for ensuring debiting in a postage meter prior to its printing a postal indicia
US6050486A (en) * 1996-08-23 2000-04-18 Pitney Bowes Inc. Electronic postage meter system separable printer and accounting arrangement incorporating partition of indicia and accounting information

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4812994A (en) * 1985-08-06 1989-03-14 Pitney Bowes Inc. Postage meter locking system
US4802218A (en) * 1986-11-26 1989-01-31 Wright Technologies, L.P. Automated transaction system
US4914606A (en) * 1987-04-01 1990-04-03 Societe Anonyme Dite : Smh Alcatel Electronic franking machine including a large number of auxiliary meters
US4980542A (en) * 1988-02-08 1990-12-25 Pitney Bowes Inc. Postal charge accounting system
US5124926A (en) * 1990-03-02 1992-06-23 Pitney Bowes Inc. Carrier management system having accounting registers
US5668973A (en) 1995-04-14 1997-09-16 Ascom Hasler Mailing Systems Ag Protection system for critical memory information
US5712542A (en) 1995-05-25 1998-01-27 Ascom Hasler Mailing Systems Ag Postage meter with improved handling of power failure
WO1998013790A1 (en) * 1996-09-24 1998-04-02 Ascom Hasler Mailing Systems Inc. Proof of postage digital franking

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU750777B2 (en) * 1997-12-18 2002-07-25 Pitney-Bowes Inc. Multiple registered postage meters
EP0926632A3 (en) * 1997-12-18 2000-10-11 Pitney Bowes Inc. Multiple registered postage meters
EP1247256A1 (en) * 1999-12-16 2002-10-09 Neopost Inc. Method and apparatus for performing secure processing of postal data
EP1247256A4 (en) * 1999-12-16 2008-12-17 Neopost Inc Method and apparatus for performing secure processing of postal data
EP1277176A1 (en) * 2000-04-07 2003-01-22 Ascom Hasler Mailing Systems, Inc. Dynamic reassignment of postal metering device licensing location
EP1277176A4 (en) * 2000-04-07 2004-08-04 Ascom Hasler Mailing Sys Inc Dynamic reassignment of postal metering device licensing location
WO2001082233A1 (en) 2000-04-27 2001-11-01 Deutsche Post Ag Method for providing postal items with postal prepayment impressions
WO2001084505A1 (en) * 2000-04-27 2001-11-08 Deutsche Post Ag Method for providing franking notes on postal items
US8255334B2 (en) 2000-04-27 2012-08-28 Deutsche Post Ag Method for providing postal items with postal prepayment impressions
US7689518B2 (en) * 2000-05-05 2010-03-30 Pitney Bowes Inc. System and method for instant online postage metering
US6839691B2 (en) * 2000-05-05 2005-01-04 Pitney Bowes Inc. Method for acquiring a customer for online postage metering
US7917454B2 (en) 2000-05-05 2011-03-29 Pitney Bowes Inc. System and method for instant online postage metering
EP1577840A3 (en) * 2004-03-19 2007-07-25 Francotyp-Postalia GmbH Method for server controlled security management of yieldable services and arrangement for providing data according to a security management for a franking system
US7996884B2 (en) 2004-03-19 2011-08-09 Francotyp-Postalia Ag & Co. Kg Method and arrangement for server-controlled security management of services to be performed by an electronic system
EP1577840A2 (en) * 2004-03-19 2005-09-21 Francotyp-Postalia AG & Co. KG Method for server controlled security management of yieldable services and arrangement for providing data according to a security management for a franking system
WO2006018097A1 (en) * 2004-08-13 2006-02-23 Deutsche Post Ag Method and device for franking postal deliveries
US8073781B2 (en) 2004-08-13 2011-12-06 Deutsche Post Ag Method and device for franking postal deliveries
EP2003619A3 (en) * 2007-02-28 2011-03-16 Francotyp-Postalia GmbH Method and device for securing user-defined information of a franking machine
US8131959B2 (en) 2007-02-28 2012-03-06 Francotyp-Postalia Gmbh Method and arrangement for securing user-definable data of a franking machine
EP2075765A1 (en) * 2007-12-28 2009-07-01 Pitney Bowes Inc. Mailing machine having dynamically configurable postal security device to support multiple customers and carriers
EP2196959A1 (en) * 2008-12-10 2010-06-16 Pitney Bowes Inc. Method and system for securely transferring the personality of a postal meter at a non-secure location
EP3035297A1 (en) * 2014-12-16 2016-06-22 Pitney Bowes Inc. Method and system for supporting multiple postage printing devices using multiple customer accounts without having to maintain funds in each customer account

Also Published As

Publication number Publication date
DE69932605T2 (en) 2007-08-09
EP1064621A1 (en) 2001-01-03
EP1064621B1 (en) 2006-08-02
ATE335258T1 (en) 2006-08-15
CA2324099A1 (en) 1999-09-23
JP2002507800A (en) 2002-03-12
DE69932605D1 (en) 2006-09-14
EP1064621A4 (en) 2001-07-18

Similar Documents

Publication Publication Date Title
AU756905B2 (en) Closed system virtual postage meter
US7664710B2 (en) Remote authentication of two dimensional barcoded indicia
CA2159754C (en) Mail processing system with unique mailpiece authorization assigned in advance of mailpieces entering carrier service mail processing stream
US10783719B2 (en) Systems and methods for detecting postage fraud using an indexed lookup procedure
US20030101147A1 (en) Auditable and secure systems and methods for issuing refunds for misprints of mail pieces
AU771315B2 (en) System and method for linking an indicium with a mailpiece in a closed system postage meter
US6820065B1 (en) System and method for management of postage meter licenses
EP1064621B1 (en) System and method for management of postage meter licenses
EP1062638B1 (en) System and method for management of correspondence
US6427139B1 (en) Method for requesting and refunding postage utilizing an indicium printed on a mailpiece
EP1131793B1 (en) Method and system for producing and checking a franking mark
EP1131794B1 (en) Method and devices for printing a franking mark on a document
AU2002220513B2 (en) Method for providing postal deliveries with franking stamps
US6897973B1 (en) System and method for management of correspondence
EP1222547A1 (en) Payment system and method
CA2419735A1 (en) Mail processing system with unique mailpiece authorization assigned in advance of mailpieces entering carrier service mail processing stream

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): CA JP US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
ENP Entry into the national phase

Ref document number: 2324099

Country of ref document: CA

Ref country code: CA

Ref document number: 2324099

Kind code of ref document: A

Format of ref document f/p: F

ENP Entry into the national phase

Ref country code: JP

Ref document number: 2000 537177

Kind code of ref document: A

Format of ref document f/p: F

WWE Wipo information: entry into national phase

Ref document number: 1999912649

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 09646492

Country of ref document: US

WWP Wipo information: published in national office

Ref document number: 1999912649

Country of ref document: EP

WWG Wipo information: grant in national office

Ref document number: 1999912649

Country of ref document: EP