Patent 2221670 Summary

(12) Patent Application: (11) CA 2221670
(54) English Title: METHOD FOR VERIFYING THE EXPECTED POSTAGE SECURITY DEVICE IN A HOST SYSTEM
(54) French Title: METHODE POUR VERIFIER L'IDENTITE D'UN CONTROLEUR POSTAL DANS UN SYSTEME HOTE
Status: Deemed Abandoned and Beyond the Period of Reinstatement - Pending Response to Notice of Disregarded Communication
Bibliographic Data
(51) International Patent Classification (IPC):
  • G07B 17/02 (2006.01)
  • G07B 17/00 (2006.01)
(72) Inventors :
  • RYAN, FREDERICK W., JR. (United States of America)
  • CORDERY, ROBERT A. (United States of America)
(73) Owners :
  • PITNEY BOWES INC.
(71) Applicants :
  • PITNEY BOWES INC. (United States of America)
(74) Agent: MARKS & CLERK
(74) Associate agent:
(45) Issued:
(22) Filed Date: 1997-11-20
(41) Open to Public Inspection: 1998-05-21
Examination requested: 1997-11-20
Availability of licence: N/A
Dedicated to the Public: N/A
(25) Language of filing: English

Patent Cooperation Treaty (PCT): No

(30) Application Priority Data:
Application No. Country/Territory Date
08/754,570 (United States of America) 1996-11-21

Abstracts

English Abstract


A method to verify in a host system that the expected PSD is coupled to the host. The host system generates a message, such as a random number, and sends it to the PSD. In one embodiment, the random number is signed in the PSD. The signed number is transmitted to the host, where the signature is verified. In an alternate embodiment, the PSD encrypts the number and transmits it to the host system. The host system decrypts the encrypted number and ensures it corresponds with the number originally generated and transmitted to the PSD. Methods for verifying in a PSD that the expected host is coupled to the PSD mirror the two embodiments for verifying the expected PSD. The generated message may include data indicating the status of the PSD, based, for example, on a checksum of PSD transaction records stored in the host system.


French Abstract

The invention is a method for verifying that the expected postal security device is the one connected to a host system. The host system generates a message, such as a random number, and sends it to the postal security device. In one embodiment of the invention, this number is signed in the postal security device. The number and its signature are sent to the host, where the signature is verified. In another embodiment, the device encrypts the number and sends it to the host system, which decrypts it and checks that it matches the number originally sent to the device. Similar embodiments make it possible to verify whether a postal security device is connected to the expected host. The generated message may include data on the status of the device, for example a checksum of the device's transaction records that are stored in the host system.

Claims

Note: Claims are shown in the official language in which they were submitted.


What is Claimed is:
1. A method for verifying in a host system that a postal security
device (PSD) is the expected PSD, the method comprising the steps of:
storing in the PSD a signing key;
storing in the host system a verifying key;
generating a message in the host system;
sending the message to the PSD;
signing the message with the signing key;
sending the signed message to the host system; and
verifying the signed message in the host system using the verifying
key.
2. The method of claim 1 wherein the message generated is a
random number.
3. The method of claim 1 wherein the message generated is a
checksum of PSD transaction records.
4. The method of claim 1 wherein the host system is a personal
computer.
5. The method of claim 1 wherein the signing key and verifying key
are identical.
6. The method of claim 1 wherein the signing key and the verifying
key are different.
7. The method of claim 1 wherein the signing key is a private key
of a key pair and the verifying key is a public key of the key pair.

8. A postage metering system comprising:
a host system including message generating means;
a postal security device (PSD) coupled to said host system, wherein
said PSD has stored therein a signing key and the host system has stored
therein a verifying key; and
wherein said PSD includes means for signing a message received
from said host system using said signing key, and said host system includes
means for verifying a signed message received from said PSD using said
verifying key.
9. The system of claim 8 wherein the signing key and verifying key
are identical.
10. The system of claim 8 wherein the signing key and the verifying
key are different.
11. The system of claim 8 wherein the signing key is a private key
of a key pair and the verifying key is a public key of the key pair.
12. A method for verifying in a host system that a postal security
device (PSD) is the expected PSD, the method comprising the steps of:
storing in the PSD a decryption key;
storing in the host system an encryption key;
generating a first message in the host system;
encrypting the first message with the encryption key;
sending the encrypted first message to the PSD;
decrypting the encrypted first message with the decryption key;
sending to the host system a second message that is based on the
decrypted first message; and
verifying in the host system that the second message corresponds
to the first message.

13. The method of claim 12 wherein the first message generated is
a random number.
14. The method of claim 12 wherein the message generated
includes data indicating status of the PSD based on PSD transaction records
stored in the host system.
15. The method of claim 12 wherein the host system is a personal
computer.
16. The system of claim 12 wherein the decryption key and
encryption key are identical.
17. The system of claim 12 wherein the decryption key and the
encryption key are different.
18. The system of claim 12 wherein the decryption key is a private
key of a key pair and the encryption key is a public key of the key pair.
19. The system of claim 12 wherein the second message is the
same as the decrypted first message.
20. The method of claim 14 wherein the data indicating status of the
PSD is a checksum of PSD transaction records.
21. A method for verifying in a host system that a postal security
device (PSD) is the expected PSD and in the PSD that the host system is the
expected host system, the method comprising the steps of:
storing in the PSD a first signing key and a second verifying key;
storing in the host system a first verifying key and a second signing
key;
generating a first message in the host system;
sending the first message to the PSD;
signing the first message with the first signing key;
sending the signed first message to the host system;
verifying the signed first message in the host system using the first
verifying key;
generating a second message in the PSD;
sending the second message to the host system;
signing the second message with the second signing key;
sending the signed second message to the PSD; and
verifying the signed second message in the PSD using the second
verifying key.
22. A method for verifying in a host system that a postal security
device (PSD) is the expected PSD and in the PSD that the host system is the
expected host system, the method comprising the steps of:
storing in the PSD a first decryption key and a second encryption key;
storing in the host system a first encryption key and a second
decryption key;
generating a first message in the host system;
encrypting the first message with the first encryption key;
sending the encrypted first message to the PSD;
decrypting the encrypted first message with the first decryption key;
sending to the host system a second message that is based on the
decrypted first message;
verifying in the host system that the second message corresponds to
the generated first message;
generating a third message in the PSD;
encrypting the third message with the second encryption key;
sending the encrypted third message to the host system;
decrypting the third encrypted message with the second decryption
key;
sending to the PSD a fourth message that is based on the decrypted
third message; and
verifying in the PSD that the fourth message corresponds to the third
message.
23. The method of claim 22 wherein the second message is the
same as the decrypted first message and the fourth message is the same as
the decrypted third message.

Description

Note: Descriptions are shown in the official language in which they were submitted.


CA 02221670 1997-11-20
E-570
METHOD FOR VERIFYING THE EXPECTED POSTAGE SECURITY
DEVICE IN A HOST SYSTEM
Field of the Invention
The present invention relates generally to a system and method for
postage metering security and, more particularly, to systems and methods for
verifying authorized postal security devices.
Background of the Invention
The Information-Based Indicia Program (IBIP) is a distributed trusted system proposed by the United States Postal Service (USPS). The IBIP is expected to support new methods of applying postage in addition to, and eventually in lieu of, the current approach, which typically relies on a postage meter to mechanically print indicia on mailpieces. The IBIP requires printing large, high density, two dimensional (2-D) bar codes on mailpieces. The Postal Service expects the IBIP to provide cost-effective assurance of postage payment for each mailpiece processed.
The USPS has published draft specifications for the IBIP. The INFORMATION BASED INDICIA PROGRAM (IBIP) INDICIUM SPECIFICATION, dated June 13, 1996, defines the proposed requirements for a new indicium that will be applied to mail being processed using the IBIP. The INFORMATION BASED INDICIA PROGRAM POSTAL SECURITY DEVICE SPECIFICATION, dated June 13, 1996, defines the proposed requirements for a Postal Security Device (PSD) that will provide security services to support the creation of a new "information based" postage postmark or indicium that will be applied to mail being processed using the IBIP. The INFORMATION BASED INDICIA PROGRAM HOST SYSTEM SPECIFICATION, dated October 9, 1996, defines the proposed requirements for a host system element of the IBIP. The specifications are collectively referred to herein as the "IBIP Specifications". The IBIP includes interfacing user (customer), postal and vendor infrastructures which are the system elements of the program.

The user infrastructure, which resides at the user's site, comprises a postal security device (PSD) coupled to a host system. The PSD is a secure processor-based accounting device that dispenses and accounts for postal value stored therein. The host system may be a personal computer (PC) or a meter-based host processor. Among the various requirements set forth in the Host System Specification is that the host system verifies that the coupled PSD is "the expected PSD". Conventional postage metering devices and recent digital metering devices, such as PostPerfect and Personal Post Office, both manufactured by the assignee of the present invention, do not include such verification. Thus, a method for achieving such verification is desired.
U.S. Patent No. 5,510,992 discloses a method whereby the host PC verifies that a storage means that is coupled to the host PC and has postal value stored therein, is authorized for use with the host PC. The method comprises the steps of storing a unique identifier, such as a serial number, in the storage means when the storage means is filled with postal value, and sending the unique identifier to the host PC when postage value is requested for dispensing. The host PC then verifies that the storage means is authorized for use with the host PC by confirming that the unique identifier retrieved from the storage device is the same as one stored in the host PC. Although such method verifies that the storage means is the expected storage device, the storage means is not a PSD because it is not a processor-based accounting device that dispenses and accounts for postal value stored therein. Furthermore, the verification of the serial number in the host PC is subject to fraud.

Summary of the Invention
It has been found that the present invention provides a more secure and reliable system and method for verifying that the expected PSD is coupled to the host PC. It has further been found that the present invention provides a secure and reliable system and method for verifying that the expected host PC is coupled to the PSD.
The present invention provides a secure and reliable method for verifying in the host system that the expected PSD is coupled to the host system. In accordance with the present invention, a message, such as a random number, is generated in the Host system and sent to the PSD. In one embodiment, the PSD encrypts the number and transmits it to the Host system. The Host system decrypts the encrypted number and ensures it corresponds with the number originally generated and transmitted to the PSD. In an alternate embodiment, the random number is signed in the PSD. The signed number is transmitted to the Host where the signature is verified. The generated message may include data indicating the status of the PSD, based, for example, on a checksum of PSD transaction records stored in the host system. Methods for verifying in a PSD that the expected host is coupled to the PSD mirror the two embodiments for verifying the expected PSD.
Description of the Drawings
The above and other objects and advantages of the present invention will be apparent upon consideration of the following detailed description, taken in conjunction with accompanying drawings, in which like reference characters refer to like parts throughout, and in which:
Fig. 1 is a block diagram of a postage metering system in accordance with the present invention showing a process for storing keys in a host system and a PSD coupled thereto;
Fig. 2 is a flow chart showing an alternate process for storing keys in a host system and a PSD coupled thereto;
Fig. 3 is a flow chart of a preferred method for verifying that the expected PSD is coupled to the host system;
Fig. 4 is a flow chart showing a method corresponding to that of Fig. 3 for verifying the expected host system;
Fig. 5 is a flow chart of an alternate method for verifying that the expected PSD is coupled to the host system; and
Fig. 6 is a flow chart showing an alternate method corresponding to that of Fig. 5 for verifying the expected host system.
Detailed Description of the Present Invention
In describing the present invention, reference is made to the drawings, wherein there are seen a system and methods for verifying the expected postal security device in a host system and, conversely, verifying the expected host system. Referring now to Fig. 1, a postage metering system, generally designated 10, includes a Host PC 20 coupled to a PSD 30, a Data Center 40 and a manufacturer 50. The manufacturer 50 initializes PSD 30 with an identification number, such as PSD ID 32, and a cryptographic key, such as PSD private key 34. The manufacturer 50 also sends the PSD ID 32 and a cryptographic key corresponding to the key in the PSD 30, such as PSD public key 36, to the Data Center 40. The Data Center 40 then sends the PSD ID 32 and the public key 36 to the Host PC 20. For the purpose of describing the present invention, the PSD private and public keys are stored in PSD 30 and Host PC 20 respectively. It will be understood that a secret key shared by the Host PC and the PSD may be used in place of such key pair.
The Host PC 20 and PSD 30 each include a microprocessor and memory (not shown). The Host PC 20 further includes a message generator 22 for generating a message. The message may be a random number or may include data indicating the status of the PSD, for example a checksum 24 of PSD transaction records stored in log files in Host PC 20. For the following description of the present invention checksums will be used. The PSD records stored in Host PC 20 correspond to PSD records stored in PSD 30 for each transaction by PSD 30. For a more detailed description of such storage of PSD records see Canadian Patent Application Serial Number 2,193,026, filed December 16, 1996, assigned to the assignee of the present invention, and incorporated herein by reference.
Referring now to Fig. 2, an alternate method for initializing the PSD with a cryptographic key is shown. At step 100, Host PC 20 generates a secret key or a key pair. The key or key pair is stored in Host PC 20, at step 105. Host PC 20 then sends the secret key or one of the keys of the key pair to PSD 30, at step 110. PSD 30 stores the key received from Host PC 20, at step 115.
Referring now to Fig. 3, a method is shown for verifying in Host PC 20 that the expected PSD is coupled thereto. At step 200, the Host PC generates a message. In accordance with the present invention, the message may be in the form of a random number or may be a checksum of a PSD transaction log stored in the Host PC. The Host PC, at step 205, sends the message to the PSD. If a checksum has been sent, then at step 210, the PSD compares the message received with a checksum of a PSD transaction log stored in the PSD. If the checksum received is not the same as the checksum of the PSD transaction log, then an error is flagged, at step 215, indicating that there is a discrepancy between the PSD logs stored in the Host PC and the PSD. If the checksums are the same or if the message is a random number, at step 220, the PSD signs the message with the PSD private key. At step 225, the PSD sends the signed message to the Host PC.
At step 230, the Host PC verifies the signature using the PSD public key stored in the Host PC. If the signature is not verified at step 235, the Host PC rejects the PSD from processing any further transactions, at step 240. If the signature is verified, at step 245, the expected PSD has been verified and the Host PC can begin to request postal value from the PSD. It will be understood by those skilled in the art that other cryptographic processing, such as encryption or hashing, may be used in place of signing.
Referring now to Fig. 4, it may be required that in addition to the Host PC verifying the expected PSD, the PSD verify that the expected Host PC is coupled to the PSD. In the preferred embodiment of the present invention, such verification of the expected Host PC mirrors the process for verifying the expected PSD as set forth above.
At step 300, the PSD generates a message. In accordance with the present invention, the message may be in the form of a random number or may be a checksum of a PSD transaction log stored in the PSD. The PSD, at step 305, sends the message to the Host PC. If a checksum has been sent, then at step 310, the Host PC compares the message received with a checksum of a PSD transaction log stored in the Host PC. If the checksum received is not the same as the checksum of the PSD transaction log, then an error is flagged, at step 315, indicating that there is a discrepancy between the PSD logs stored in the PSD and the Host PC. If the checksums are the same or if the message is a random number, at step 320, the Host PC signs the message with the Host PC private key. At step 325, the Host PC sends the signed message to the PSD.
At step 330, the PSD verifies the signature using the Host PC public key stored in the PSD. If the signature is not verified at step 335, the PSD rejects the Host PC from processing any further transactions, at step 340. If the signature is verified, at step 345, the expected Host PC has been verified and the PSD is ready to accept transaction requests from the Host PC.
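The Fig. 3 / Fig. 4 exchange worked through in Go, as an added example that is neither the patent's nor Pitney Bowes' code: ECDSA P-256 over SHA-256 stands in for the signing scheme the patent leaves open, a SHA-256 over the log records stands in for checksum 24, and the names Party, NewChallenge, Respond, VerifyPeer and NewPair are assumptions. Calling VerifyPeer in both directions gives the mutual verification of claim 21; the responder flags a log discrepancy (step 215/315) before it signs, and a signature that fails under the stored peer public key is rejected (step 240/340).

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"strings"
)

// Challenge is the message of step 200/300: a random number or a checksum of the sender's log.
type Challenge struct {
	IsChecksum bool
	Data       []byte
}

// Party (assumed name) is one end of the link: own private key, peer's public key (Fig. 1), and log.
type Party struct {
	Name    string
	Priv    *ecdsa.PrivateKey
	PeerPub *ecdsa.PublicKey
	Log     []string
}

// LogChecksum stands in for checksum 24 of the PSD transaction records.
func LogChecksum(records []string) []byte {
	sum := sha256.Sum256([]byte(strings.Join(records, "\n")))
	return sum[:]
}

// NewChallenge builds a checksum challenge (claim 3) or a 256-bit random one (claim 2).
func (p *Party) NewChallenge(useChecksum bool) (Challenge, error) {
	if useChecksum {
		return Challenge{true, LogChecksum(p.Log)}, nil
	}
	n := make([]byte, 32)
	_, err := rand.Read(n)
	return Challenge{false, n}, err
}

// Respond is steps 210-225 / 310-325: a checksum challenge is checked against the local log first.
func (p *Party) Respond(c Challenge) ([]byte, error) {
	if c.IsChecksum && !bytes.Equal(c.Data, LogChecksum(p.Log)) {
		return nil, fmt.Errorf("%s: transaction log discrepancy", p.Name) // step 215/315, not signed
	}
	digest := sha256.Sum256(c.Data)
	return ecdsa.SignASN1(rand.Reader, p.Priv, digest[:])
}

// VerifyPeer runs one direction: Fig. 3 when the host challenges the PSD, Fig. 4 when
// the PSD challenges the host. A nil error means the peer is the expected one (step 245/345).
func VerifyPeer(challenger, responder *Party, useChecksum bool) error {
	c, err := challenger.NewChallenge(useChecksum) // step 200/300, sent at 205/305
	if err != nil {
		return err
	}
	sig, err := responder.Respond(c) // steps 210-225 / 310-325
	if err != nil {
		return err
	}
	digest := sha256.Sum256(c.Data) // step 230/330: verify with the stored peer public key
	if !ecdsa.VerifyASN1(challenger.PeerPub, digest[:], sig) {
		return fmt.Errorf("%s rejected %s: signature did not verify", challenger.Name, responder.Name)
	}
	return nil
}

// NewPair provisions both ends as the manufacturer 50 / Data Center 40 flow of Fig. 1 would.
func NewPair(log []string) (host, psd *Party) {
	hk, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	pk, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	host = &Party{"Host PC", hk, &pk.PublicKey, append([]string{}, log...)}
	psd = &Party{"PSD", pk, &hk.PublicKey, append([]string{}, log...)}
	return host, psd
}

func main() {
	host, psd := NewPair([]string{"txn 1: debit 0.32", "txn 2: debit 0.55"}) // constructed log
	fmt.Println("Fig. 3:", VerifyPeer(host, psd, true), "Fig. 4:", VerifyPeer(psd, host, true))
	host.Log = append(host.Log, "txn 3: debit 1.00") // host log drifts from the PSD's copy
	fmt.Println("after drift:", VerifyPeer(host, psd, true))
}
```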
Referring now to Fig. 5, an alternate method for verifying the expected PSD is shown. At step 400, the Host PC generates a message, such as a random number or a checksum of a PSD transaction log stored in the Host PC. The Host PC encrypts the message with the PSD public key, at step 405, and sends the message to the PSD, at step 410. At step 415, the PSD decrypts the encrypted message received. If a checksum has been sent then, at step 420, the PSD compares the message received with a checksum of a PSD transaction log stored in the PSD. If the checksum received is not the same as the checksum of the PSD transaction log, then an error is flagged, at step 425, indicating that there is a discrepancy between the PSD logs stored in the Host PC and the PSD. If the checksums are the same or if the message is a random number, at step 430, the PSD sends the decrypted message to the Host PC.
At step 435, the Host PC verifies that the message received from the PSD is the same as the message generated in the Host PC. If not the same at step 440, the Host PC rejects the PSD from processing any further transactions, at step 445. If the message received from the PSD is the same as the message generated in the Host PC, at step 450, the expected PSD has been verified and the Host PC can begin to request postal value from the PSD.
Referring now to Fig. 6, an alternate method for the PSD verifying that the expected Host PC is coupled to the PSD is shown which mirrors the process for verifying the expected PSD as shown in Fig. 5.
At step 500, the PSD generates a message, such as a random number or a checksum of a PSD transaction log stored in the PSD. The PSD encrypts the message with the Host PC public key, at step 505, and sends the message to the Host PC, at step 510. At step 515, the Host PC decrypts the encrypted message received. If a checksum has been sent then, at step 520, the Host PC compares the message received with a checksum of a PSD transaction log stored in the Host PC. If the checksum received is not the same as the checksum of the PSD transaction log, then an error is flagged, at step 525, indicating that there is a discrepancy between the PSD logs stored in the PSD and the Host PC. If the checksums are the same or if the message is a random number, at step 530, the Host PC sends the decrypted message to the PSD.
At step 535, the PSD verifies that the message received from the Host PC is the same as the message generated in the PSD. If not the same at step 540, the PSD rejects the Host PC from processing any further transactions, at step 545. If the message received from the Host PC is the same as the message generated in the PSD, at step 550, the expected Host PC has been verified and the PSD can begin to accept requests for postal value from the Host PC.
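The Fig. 5 / Fig. 6 encryption variant as an added Go example, not the patent's or Pitney Bowes' code: RSA-OAEP stands in for the encryption the patent leaves unspecified, a SHA-256 over the log records stands in for the checksum, and the names Party, Challenge, Respond, VerifyPeer and NewPair are assumptions. The challenger keeps the plaintext it encrypted and accepts the peer only when the decrypted reply (the second message of claim 19) matches it; a peer that does not hold the matching decryption key cannot produce that reply, and a log mismatch is flagged by the responder at step 425/525.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"strings"
)

// Party (assumed name) is one end of the link: own private key, peer's public key (claim 18), and log.
type Party struct {
	Name    string
	Priv    *rsa.PrivateKey
	PeerPub *rsa.PublicKey
	Log     []string
}

// LogChecksum stands in for the checksum of the PSD transaction log.
func LogChecksum(records []string) []byte {
	sum := sha256.Sum256([]byte(strings.Join(records, "\n")))
	return sum[:]
}

// Challenge is steps 400-405 / 500-505: generate the message (random number or log checksum)
// and encrypt it under the peer's public key; the plaintext is kept for step 435/535.
func (p *Party) Challenge(useChecksum bool) (plain, ct []byte, err error) {
	if useChecksum {
		plain = LogChecksum(p.Log)
	} else {
		plain = make([]byte, 32) // a fresh number each run, so a replayed reply never matches
		if _, err = rand.Read(plain); err != nil {
			return nil, nil, err
		}
	}
	ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, p.PeerPub, plain, nil)
	return plain, ct, err
}

// Respond is steps 415-430 / 515-530: decrypt with the private key, check a checksum against
// the local log (mismatch flagged at step 425/525), and return the decrypted message (claim 19).
func (p *Party) Respond(ct []byte, isChecksum bool) ([]byte, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, p.Priv, ct, nil)
	if err != nil { // this end does not hold the matching decryption key
		return nil, fmt.Errorf("%s: cannot decrypt challenge: %v", p.Name, err)
	}
	if isChecksum && !bytes.Equal(plain, LogChecksum(p.Log)) {
		return nil, fmt.Errorf("%s: transaction log discrepancy", p.Name)
	}
	return plain, nil
}

// VerifyPeer runs one direction: Fig. 5 when the host challenges the PSD, Fig. 6 when
// the PSD challenges the host. A nil error means the peer is the expected one.
func VerifyPeer(challenger, responder *Party, useChecksum bool) error {
	plain, ct, err := challenger.Challenge(useChecksum)
	if err != nil {
		return err
	}
	reply, err := responder.Respond(ct, useChecksum) // sent back at step 430/530
	if err != nil {
		return err
	}
	if !bytes.Equal(reply, plain) { // step 435/535; reject at 445/545
		return fmt.Errorf("%s rejected %s: reply does not match the generated message", challenger.Name, responder.Name)
	}
	return nil // step 450/550
}

// NewPair provisions both ends with an RSA key pair and the peer's public key (Fig. 1).
func NewPair(log []string) (host, psd *Party) {
	hk, _ := rsa.GenerateKey(rand.Reader, 2048)
	pk, _ := rsa.GenerateKey(rand.Reader, 2048)
	host = &Party{"Host PC", hk, &pk.PublicKey, append([]string{}, log...)}
	psd = &Party{"PSD", pk, &hk.PublicKey, append([]string{}, log...)}
	return host, psd
}

func main() {
	host, psd := NewPair([]string{"txn 1: debit 0.32", "txn 2: debit 0.55"}) // constructed log
	fmt.Println("Fig. 5:", VerifyPeer(host, psd, true), "Fig. 6:", VerifyPeer(psd, host, true))
	psd.Log = psd.Log[:1] // PSD log out of step with the host's copy
	fmt.Println("after drift:", VerifyPeer(host, psd, true))
}
```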
It has been found that the present invention is suitable for use with any security device that is coupled to a host system in an unsecured manner. For example, the present invention could be used for a certificate metering system such as disclosed in Canadian Patent Application Serial No. 2,183,274, filed August 14, 1996, assigned to the assignee of the present invention, and incorporated herein by reference.
While the present invention has been disclosed and described with
reference to specific embodiments thereof, it will be apparent, as noted
above, that variations and modifications may be made therein. It is, thus,
intended in the following claims to cover each variation and modification,
including a certificate metering system, that falls within the true spirit and
scope of the present invention.

Representative Drawing
A single figure which represents the drawing illustrating the invention.
Administrative Status


Event History

Description Date
Inactive: IPC from MCD 2006-03-12
Inactive: Dead - No reply to s.30(2) Rules requisition 2003-10-29
Application Not Reinstated by Deadline 2003-10-29
Deemed Abandoned - Failure to Respond to Maintenance Fee Notice 2002-11-20
Inactive: Abandoned - No reply to s.30(2) Rules requisition 2002-10-29
Inactive: S.30(2) Rules - Examiner requisition 2002-04-29
Application Published (Open to Public Inspection) 1998-05-21
Classification Modified 1998-02-25
Inactive: IPC assigned 1998-02-25
Inactive: First IPC assigned 1998-02-25
Filing Requirements Determined Compliant 1998-02-11
Letter Sent 1998-02-11
Inactive: Filing certificate - RFE (English) 1998-02-11
Application Received - Regular National 1998-02-10
All Requirements for Examination Determined Compliant 1997-11-20
Request for Examination Requirements Determined Compliant 1997-11-20

Abandonment History

Abandonment Date Reason Reinstatement Date
2002-11-20

Maintenance Fee

The last payment was received on 2001-11-05


Fee History

Fee Type Anniversary Year Due Date Paid Date
Request for examination - standard 1997-11-20
Registration of a document 1997-11-20
Application fee - standard 1997-11-20
MF (application, 2nd anniv.) - standard 02 1999-11-22 1999-11-15
MF (application, 3rd anniv.) - standard 03 2000-11-20 2000-11-08
MF (application, 4th anniv.) - standard 04 2001-11-20 2001-11-05
Owners on Record

Note: Records showing the ownership history in alphabetical order.

Current Owners on Record
PITNEY BOWES INC.
Past Owners on Record
FREDERICK W., JR. RYAN
ROBERT A. CORDERY
Past Owners that do not appear in the "Owners on Record" listing will appear in other documentation within the application.
Documents



Document Description Date (yyyy-mm-dd) Number of pages Size of Image (KB)
Representative drawing 1998-05-27 1 8
Description 1997-11-20 8 361
Abstract 1997-11-20 1 23
Claims 1997-11-20 5 137
Drawings 1997-11-20 6 102
Cover Page 1998-05-27 2 62
Courtesy - Certificate of registration (related document(s)) 1998-02-11 1 118
Filing Certificate (English) 1998-02-11 1 165
Reminder of maintenance fee due 1999-07-21 1 114
Courtesy - Abandonment Letter (Maintenance Fee) 2002-12-18 1 176
Courtesy - Abandonment Letter (R30(2)) 2003-01-07 1 167